CVE-2006-5097

Name of the Vulnerable Software and Affected Versions net2ftp versions 0.1 through 0.62

Description A remote file inclusion issue in index.php allows remote attackers to execute arbitrary PHP code via a URL in the application rootdir parameter. However, this issue has been disputed by a third-party researcher and the vendor, who claims that the variable is set in settings.inc.php and thus is not a vulnerability.

Recommendations For net2ftp versions 0.1 through 0.62, consider restricting access to the application rootdir parameter to minimize the risk of exploitation. However, given the dispute over the issue, it is essential to review the settings.inc.php file to understand how the application rootdir variable is handled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.