CVE-2006-6852

Name of the Vulnerable Software and Affected Versions: tDiary versions 2.0.3 through 2.1.4.20061127

Description: The issue allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml.

Recommendations: For tDiary versions 2.0.3 through 2.1.4.20061127, consider restricting access to conf.rhtml and i.conf.rhtml until a patch is available. As a temporary workaround, consider implementing additional input validation measures to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.