CVE-2006-7068

Name of the Vulnerable Software and Affected Versions CliServ Web Community versions 0.65 and earlier

Description A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the cl headers parameter to API endpoints such as "menu.php3" and "login.php3".

Recommendations For CliServ Web Community versions 0.65 and earlier, consider disabling the cl headers parameter in the affected API endpoints until a patch is available. Restrict access to "menu.php3" and "login.php3" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.