PT-2006-6200 · Speedberg · Speedberg

K1Tk4T · Published 2006-10-24 · Updated 2018-10-17 · CVE-2006-5485

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SpeedBerg version 1.2beta1

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to various PHP files, including (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php.

Recommendations

For SpeedBerg version 1.2beta1, consider restricting access to the SPEEDBERG_PATH parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the SPEEDBERG_PATH parameter in the affected PHP files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit


Related Identifiers

CVE-2006-5485

Affected Products

Speedberg