PT-2006-4920 · Docpile · Docpile:We

Published 2006-08-11 · Updated 2011-03-08 · CVE-2006-4076

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

docpile:we version 0.2.2

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the INIT PATH parameter to various PHP files, including (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php, or (4) lib/templates.inc.php.

Recommendations

For docpile:we version 0.2.2, consider restricting access to the INIT PATH parameter in the affected API endpoints, such as lib/access.inc.php, lib/folders.inc.php, lib/init.inc.php, and lib/templates.inc.php, until a patch is available. As a temporary workaround, avoid using the INIT PATH parameter in these files to minimize the risk of exploitation.

Fix


Related identifiers

CVE-2006-4076

Affected products

Docpile:We