CVE-2006-6551

Name of the Vulnerable Software and Affected Versions Tucows Client Code Suite (CCS) versions 1.2.1015 and earlier

Description A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the ENV[TCA HOME] parameter. This can be exploited by providing a malicious URL, potentially leading to the execution of unauthorized code.

Recommendations For Tucows Client Code Suite (CCS) versions 1.2.1015 and earlier, as a temporary workaround, consider restricting access to the libs/tucows/api/cartridges/crt TUCOWS domains/lib/domainutils.inc.php file until a patch is available. Avoid using the ENV[TCA HOME] parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.