CVE-2006-5768

Name of the Vulnerable Software and Affected Versions: Cyberfolio versions 2.0 RC1 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This can be achieved by providing a URL in the av parameter to specific API endpoints, including "msg/view.php", "msg/inc message.php", "msg/inc envoi.php", and "admin/incl voir compet.php".

Recommendations: For Cyberfolio versions 2.0 RC1 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable API endpoints until a fix is available. As a temporary workaround, avoid using the av parameter in the affected endpoints.