CVE-2006-2843

Name of the Vulnerable Software and Affected Versions Redaxo version 2.7.4

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE PATH] parameter in certain files, including addons/import export/pages/index.inc.php and pages/community.inc.php.

Recommendations For Redaxo version 2.7.4, consider restricting access to the REX[INCLUDE PATH] parameter in the affected files until a patch is available. As a temporary workaround, avoid using the REX[INCLUDE PATH] parameter in the /addons/import export/pages/index.inc.php and /pages/community.inc.php API endpoints.