CVE-2006-4160

Name of the Vulnerable Software and Affected Versions MVCnPHP version 3.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path library] parameter to specific PHP files, including (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php.

Recommendations For MVCnPHP version 3.0, consider restricting access to the glConf[path library] parameter to prevent remote file inclusion attacks. As a temporary workaround, restrict access to the vulnerable PHP files, including BaseCommand.php, BaseLoader.php, and BaseView.php, until a patch is available.