CVE-2006-6552

Name of the Vulnerable Software and Affected Versions BLOG:CMS versions 4.1.3 and earlier

Description A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the DIR ADMIN parameter. This affects the NP UserSharing.php file in the admin/plugins directory.

Recommendations For BLOG:CMS versions 4.1.3 and earlier, update to a version later than 4.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the NP UserSharing.php file in the admin/plugins directory to minimize the risk of exploitation. Avoid using the DIR ADMIN parameter in the affected URL until the issue is resolved.