PT-2006-7152 · Rad · Radupload

Arham · Published 2006-12-14 · Updated 2024-08-07 · CVE-2006-6549

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Rad Upload version 3.02

Description

A remote file inclusion issue exists due to the handling of the save path parameter in the upload.php file. This could potentially allow remote attackers to execute arbitrary PHP code by providing a URL in the save path parameter. However, it's noted that the save path is initially defined as an empty string before use.

Recommendations

For Rad Upload version 3.02, ensure that the save path parameter is properly validated and sanitized to prevent remote file inclusion attacks. Consider temporarily restricting access to the upload.php file until a proper fix can be applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-6549

Affected Products

Radupload