CVE-2006-4423

Name of the Vulnerable Software and Affected Versions Bigace version 1.8.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in specific parameters. This is achieved through the GLOBALS[ BIGACE][DIR][admin] parameter in files such as system/command/admin.cmd.php, admin/include/upload form.php, and admin/include/item main.php, and the GLOBALS[ BIGACE][DIR][libs] parameter in files like system/command/admin.cmd.php and system/command/download.cmd.php.

Recommendations For Bigace version 1.8.2, consider restricting access to the system/command/admin.cmd.php, admin/include/upload form.php, admin/include/item main.php, and system/command/download.cmd.php files to minimize the risk of exploitation. Avoid using the GLOBALS[ BIGACE][DIR][admin] and GLOBALS[ BIGACE][DIR][libs] parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.