CVE-2006-6740

Name of the Vulnerable Software and Affected Versions: phpProfiles versions 3.1.2b and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter to various PHP files, including "include/body.inc.php" and "include/body admin.inc.php", or a URL in the incpath parameter to multiple files such as "index.inc.php", "account.inc.php", and others in the include/ directory. This can be achieved by manipulating the menu or incpath parameters to include malicious PHP code.

Recommendations: For phpProfiles versions 3.1.2b and earlier, consider disabling the menu and incpath parameters in the affected PHP files until a patch is available. Restrict access to the include/ directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.