CVE-2006-4063

Name of the Vulnerable Software and Affected Versions Csaba Godor SAPID Blog versions Beta 2 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the root path parameter to specific PHP files, such as usr/extensions/get blog infochannel.inc.php, usr/extensions/get blog meta info.inc.php, or usr/extensions/get infochannel.inc.php. Alternatively, it can be done through the GLOBALS[root path] parameter to usr/extensions/get tree.inc.php.

Recommendations For Csaba Godor SAPID Blog versions Beta 2 and earlier, consider disabling access to the usr/extensions directory until a patch is available. Restrict the use of the root path and GLOBALS[root path] parameters in the affected PHP files to minimize the risk of exploitation. Avoid using these parameters in the specified API endpoints until the issue is resolved.