PT-2006-5990 · Gcards · Gcards

Str0Ke · Published 2006-10-12 · Updated 2024-08-07 · CVE-2006-5255

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

gCards version 1.13

Description

A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code. This is achieved via a URL in the languagefile parameter in the addnews.php file. However, it has been observed that languageFile is defined before use, which may affect the vulnerability's impact.

Recommendations

For gCards version 1.13, consider restricting access to the addnews.php file or the languagefile parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the languagefile parameter in the affected API endpoint until the issue is resolved.

Related Identifiers

CVE-2006-5255

Affected Products

Gcards