CVE-2006-6586

Name of the Vulnerable Software and Affected Versions Vortex Blog (vBlog, aka C12) version a0.1 nonfunc

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) "secure.php" or (2) "checklogin.php" in admin/auth/.

Recommendations For Vortex Blog (vBlog, aka C12) version a0.1 nonfunc, as a temporary workaround, consider restricting access to the secure.php and checklogin.php files in the admin/auth/ directory until a patch is available. Avoid using the cfgProgDir parameter in the affected API endpoints until the issue is resolved.