CVE-2006-6801

Name of the Vulnerable Software and Affected Versions: SH-News version 0.93

Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via the news cfg[path] parameter in the misc.php file.

Recommendations: For SH-News version 0.93, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the misc.php file to minimize the risk of arbitrary PHP code execution. Avoid using the news cfg[path] parameter in the affected file until the issue is resolved.