PT-2007-1254 · Centipaid · Centipaid

Published: 2007-02-08 · Updated: 2025-01-17 · CVE-2006-6975

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CentiPaid version 1.4.3

Description: The issue allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter of the centipaid_class.php file. However, the issue has been disputed by multiple parties, who claim that the $class_pwd variable is set to a static value before the relevant include statement, which would mitigate the issue.

Recommendations: For CentiPaid version 1.4.3, consider restricting access to the centipaid_class.php file to minimize the risk of exploitation. As a temporary workaround, review the code to confirm that the $class_pwd variable is indeed set to a static value before the include statement, and monitor for any potential security breaches. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2006-6975

Affected Products: Centipaid