CVE-2006-5510

Name of the Vulnerable Software and Affected Versions PHPexplorer version 0.24

Description A directory traversal issue exists, allowing remote attackers to include arbitrary local files via ".." sequences in the Language cookie. This can be exploited by uploading a file, such as a .gif file, that contains PHP code.

Recommendations For PHPexplorer version 0.24, as a temporary workaround, consider restricting access to the explorer load lang.php file until a patch is available. Avoid using the Language cookie in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.