CVE-2006-2608

Name of the Vulnerable Software and Affected Versions artmedic newsletter version 4.1

Description The issue allows remote attackers to modify arbitrary files and execute arbitrary PHP code when register globals is enabled. This is achieved by exploiting the logfile parameter in a direct request to "log.php", which redefines the $logfile variable to an attacker-controlled value. For example, an attacker can inject PHP code into "info.php".

Recommendations For artmedic newsletter version 4.1, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the "log.php" file to minimize the risk of arbitrary file modification and PHP code execution. Avoid using the logfile parameter in direct requests to "log.php" until the issue is resolved.