PT-2006-4312 · Unknown · Smartsitecms

Crash_Over_Ride · Published 2006-07-07 · Updated 2018-10-18 · CVE-2006-3421

CVSS v2.0: 5.1 Medium

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: SmartSiteCMS versions 1.0 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code when the register_globals setting is enabled. This is achieved by exploiting the root parameter in various PHP files, including "comment.php", "admin/comedit.php", "admin/test.php", "admin/index.php", and "admin/include/inc adminfoot.php".

Recommendations: For SmartSiteCMS versions 1.0 and earlier, disable the register_globals setting to prevent exploitation. Additionally, consider restricting access to the vulnerable PHP files until a fix is available. As a temporary workaround, avoid using the root parameter in the affected files.


Related Identifiers

CVE-2006-3421

Affected Products

Smartsitecms