CVE-2006-4545

Name of the Vulnerable Software and Affected Versions ModuleBased CMS Pre-Alpha

Description The issue allows remote attackers to execute arbitrary PHP code via the SERVER parameter in several files, including "admin/avatar.php", "libs/archive.class.php", "libs/login.php", "libs/profiles.class.php", and "libs/profile/proccess.php". However, it is noted that the SERVER array and the SERVER[DOCUMENT ROOT] index are controlled by PHP and cannot be manipulated by an attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.