CVE-2006-6938

Name of the Vulnerable Software and Affected Versions: NitroTech version 0.0.3a

Description: The issue allows remote attackers to include arbitrary files via ".." sequences in the root parameter in the includes/common.php file.

Recommendations: For NitroTech version 0.0.3a, consider restricting access to the vulnerable includes/common.php file until a patch is available. As a temporary workaround, avoid using the root parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.