CVE-2006-4210

Name of the Vulnerable Software and Affected Versions phPay versions 2.02 through 2.02.1

Description The issue allows remote attackers to use the server as an open mail relay. This is possible when the register globals setting is enabled, and attackers can modify certain parameters, including mail text2, user row[5], nu mail 1, and shop mail.

Recommendations For phPay versions 2.02 through 2.02.1, disable the register globals setting to prevent exploitation. Additionally, restrict access to the nu mail.inc.php file and avoid using the vulnerable parameters until a fix is available.