CVE-2006-4878

Name of the Vulnerable Software and Affected Versions PHP-Post (PHPp) versions 1.0 through 1.0.1

Description A directory traversal issue exists, allowing remote attackers to read and include arbitrary local files by using a .. (dot dot) sequence in the template parameter of the footer.php file. This issue can also lead to code execution by uploading and accessing an avatar file.

Recommendations For PHP-Post (PHPp) versions 1.0 through 1.0.1, consider restricting access to the footer.php file and the template parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the template parameter in the footer.php file until a patch is available.