CVE-2006-4863

Name of the Vulnerable Software and Affected Versions mcLinksCounter version 1.1

Description The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the langfile parameter in several PHP files, including "login.php", "stats.php", "detail.php", and "erase.php". However, it's noted that the langfile parameter is set to "english.php" in each file, which may mitigate the issue.

Recommendations For mcLinksCounter version 1.1, consider restricting access to the langfile parameter in the affected PHP files to minimize the risk of exploitation. As a temporary workaround, ensure the langfile parameter is set to a trusted file, such as "english.php", to prevent arbitrary PHP code execution.