CVE-2006-4277

Name of the Vulnerable Software and Affected Versions Tutti Nova versions 1.6 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB DIR parameter to specific PHP files, including "include/novalib/class.novaAdmin.mysql.php" and "novalib/class.novaRead.mysql.php".

Recommendations For Tutti Nova versions 1.6 and earlier, consider restricting access to the TNLIB DIR parameter to prevent remote file inclusion attacks until a patch is available. As a temporary workaround, avoid using the TNLIB DIR parameter in URLs that include sensitive PHP files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.