CVE-2006-5588

Name of the Vulnerable Software and Affected Versions: CMS Faethon versions 2.0 Ultimate and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the mainpath parameter to specific PHP files, such as "includes/rss-reader.php" or "admin/config.php", when certain PHP settings like register globals and magic quotes gpc are enabled.

Recommendations: For CMS Faethon versions 2.0 Ultimate and earlier, consider disabling the register globals and magic quotes gpc settings to mitigate the risk of exploitation. Additionally, restrict access to the "includes/rss-reader.php" and "admin/config.php" files until a patch is available. Avoid using the mainpath parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.