CVE-2006-6341

Name of the Vulnerable Software and Affected Versions mg.applanix versions 1.3.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the apx root path parameter to specific API endpoints, including "/act/act check access.php", "/dsp/dsp form booking ctl.php", and "/dsp/dsp bookings.php".

Recommendations For mg.applanix versions 1.3.1 and earlier, consider restricting access to the vulnerable API endpoints "/act/act check access.php", "/dsp/dsp form booking ctl.php", and "/dsp/dsp bookings.php" to minimize the risk of exploitation. Avoid using the apx root path parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.