PT-2006-6801 · Active Php · Active Php Bookmarks

Published: 2006-11-29 · Updated: 2024-08-07 · CVE-2006-6167

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Active PHP Bookmarks version 1.1.02

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. However, it is noted that the PHP scripts exit if the attack vectors are present in GPC variables, which is disputed by some parties.

Recommendations

For version 1.1.02, consider restricting access to the apb_common.php and apb.php scripts to minimize the risk of exploitation. Additionally, avoid using the APB_SETTINGS['apb_path'] parameter in these scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-6167

Affected Products

Active Php Bookmarks