CVE-2006-6018

Name of the Vulnerable Software and Affected Versions My-BIC version 0.6.5

Description A remote file inclusion issue in mybic server.php allows remote attackers to execute arbitrary PHP code via a URL in the INC PATH parameter. This issue is disputed by third-party researchers because INC PATH is a constant.

Recommendations For version 0.6.5, as a temporary workaround, consider restricting access to the mybic server.php file until a patch is available. Avoid using the INC PATH parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.