CVE-2006-6285

Name of the Vulnerable Software and Affected Versions Kai Blankenhorn Bitfolge simple and nice index file (aka snif) versions 1.5.2 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter. However, it's noted that $externalConfig is defined before use, which has led to disputes about this vulnerability from CVE and other third parties.

Recommendations For versions 1.5.2 and earlier, consider restricting access to the externalConfig parameter in the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.