CVE-2006-5763

Name of the Vulnerable Software and Affected Versions: Free File Hosting versions 1.1 and earlier Free Image Hosting version 2.0

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the AD BODY TEMP parameter to specific API endpoints, including "/login.php", "/register.php", or "/send.php", when register globals is enabled. This affects Free File Hosting and also Free Image Hosting due to shared code.

Recommendations: For Free File Hosting versions 1.1 and earlier, consider disabling the register globals setting to mitigate the risk of exploitation. For Free Image Hosting version 2.0, restrict access to the affected API endpoints until a fix is applied. As a temporary workaround, avoid using the AD BODY TEMP parameter in the affected API endpoints until the issue is resolved.