CVE-2006-5115

Name of the Vulnerable Software and Affected Versions KGB version 1.87

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This can be achieved by using a .. (dot dot) in the engine parameter. Attackers can upload a file containing PHP code with an image/jpeg content type and then reference this file through the engine parameter.

Recommendations For KGB version 1.87, consider restricting access to the kgcall.php file and the engine parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the engine parameter until a patch is available.