CVE-2006-4837

Name of the Vulnerable Software and Affected Versions DCP-Portal SE version 6.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in library/lib.php and library/editor/editor.php. It can also be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.

Recommendations For DCP-Portal SE version 6.0, consider restricting access to the library/lib.php and library/editor/editor.php files to minimize the risk of exploitation. Avoid using the root parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.