PT-2006-3778 · Webspotblogging · Webspotblogging

Kacper · Published 2006-06-06 · Updated 2018-10-18 · CVE-2006-2860

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Webspotblogging version 3.0.1
Webspotblogging versions 3.0 and earlier

Description
A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to various PHP files, including (1) "inc/logincheck.inc.php", (2) "inc/adminheader.inc.php", (3) "inc/global.php", or (4) "inc/mainheader.inc.php".

Recommendations
For Webspotblogging version 3.0.1, consider disabling the path parameter in the affected PHP files until a patch is available. For Webspotblogging versions 3.0 and earlier, restrict access to the vulnerable PHP files, such as "inc/logincheck.inc.php", "inc/adminheader.inc.php", "inc/global.php", and "inc/mainheader.inc.php", to minimize the risk of exploitation.
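
Added example, not part of the original advisory or of the Webspotblogging code: a Python check for web server access logs that flags requests to the four include files listed above and separates those whose path parameter carries a remote URL from plain direct access. The Combined Log Format input, the sample lines, and the names classify and scan are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Include files named in the advisory description.
AFFECTED = ("/inc/logincheck.inc.php", "/inc/adminheader.inc.php",
            "/inc/global.php", "/inc/mainheader.inc.php")
# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value naming a remote resource: scheme://host or protocol-relative //host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)

# Constructed sample lines (documentation IPs and a reserved .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2006:10:00:01 +0000] "GET /blog/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Jun/2006:10:00:07 +0000] "GET /blog/inc/global.php'
    '?path=http://example.invalid/x HTTP/1.0" 200 312',
    '192.0.2.44 - - [06/Jun/2006:10:00:09 +0000] "GET /blog/inc/mainheader.inc.php'
    '?path=http%253A%252F%252Fexample.invalid%252Fx HTTP/1.0" 200 298',
    '192.0.2.77 - - [06/Jun/2006:10:02:30 +0000] "GET /blog/inc/adminheader.inc.php'
    '?path=../inc/ HTTP/1.1" 200 150',
]


def classify(line):
    """Return 'rfi-attempt', 'direct-access' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    script = "/" + unquote(url.path).lower().lstrip("/")
    if not script.endswith(AFFECTED):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if key.lower() == "path" and REMOTE_RE.match(unquote(value)):
            return "rfi-attempt"
    # Include files are not meant to be requested directly by a browser.
    return "direct-access"


def scan(lines):
    """Return (line_number, verdict) for every line that needs review."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, start=1)]
    return [(n, verdict) for n, verdict in hits if verdict]


if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```

Only the query string is inspected, so a path value sent in a POST body will show up as direct-access rather than rfi-attempt.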

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2006-2860

Affected Products

Webspotblogging