CVE-2006-5899

Name of the Vulnerable Software and Affected Versions @cid stats version 2.3

Description A remote file inclusion issue in install.php3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. Note that this issue has been disputed by a third party, who claims that install.php3 is intended to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack.

Recommendations For @cid stats version 2.3, ensure that install.php3 is deleted after installation to prevent potential exploitation. As a temporary workaround, consider restricting access to install.php3 to minimize the risk of exploitation. Avoid using the repertoire parameter in the affected install.php3 file until the issue is resolved.