CVE-2006-2877

Name of the Vulnerable Software and Affected Versions Bookmark4U versions 2.0.0 and earlier

Description A remote file inclusion issue allows remote attackers to include arbitrary PHP files via the include prefix parameter in several PHP files, including (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. However, it has been reported that the inc directory is protected by a .htaccess file, which limits the applicability of this issue to certain environments or configurations.

Recommendations For Bookmark4U versions 2.0.0 and earlier, consider restricting access to the include prefix parameter in the affected PHP files until a patch is available. As a temporary workaround, restrict access to the inc directory by reinforcing the .htaccess file protection or applying alternative access control measures to minimize the risk of exploitation.