CVE-2006-2726

Name of the Vulnerable Software and Affected Versions Fastpublish CMS version 1.6.9.d

Description The issue allows remote attackers to include arbitrary files via the config[fsBase] parameter in several PHP files, including "drucken.php", "drucken2.php", "email an benutzer.php", "rechnung.php", "suche/search.php", and "adminbereich/admin.php".

Recommendations For Fastpublish CMS version 1.6.9.d, restrict access to the vulnerable parameters, such as config[fsBase], in the affected PHP files until a patch is available. Consider disabling the execution of external files through these parameters as a temporary workaround to minimize the risk of exploitation.