CVE-2006-3478

Name of the Vulnerable Software and Affected Versions MyPHP CMS versions 0.3 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter when register globals is enabled. This is due to a PHP remote file inclusion vulnerability in the styles/default/global header.php file.

Recommendations For MyPHP CMS versions 0.3 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Additionally, restrict access to the styles/default/global header.php file to minimize the risk of arbitrary PHP code execution.