CVE-2006-4283

Name of the Vulnerable Software and Affected Versions SOLMETRA SPAW Editor versions 1.0.6 through 1.0.7

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the spaw dir parameter in various scripts, including "a.php", "collorpicker.php", "img.php", "img library.php", "table.php", or "td.php".

Recommendations For versions 1.0.6 and 1.0.7, consider restricting access to the spaw dir parameter in the affected scripts to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of PHP code in the dialogs/scripts until a patch is available.