CVE-2006-7183

Name of the Vulnerable Software and Affected Versions Exhibit Engine (EE) versions 1.22 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. This is a result of a PHP remote file inclusion vulnerability in the styles.php file.

Recommendations For Exhibit Engine (EE) versions 1.22 and earlier, consider updating to a version later than 1.22 to resolve the issue. As a temporary workaround, restrict access to the styles.php file to minimize the risk of exploitation. Avoid using the toroot parameter in the affected URL until the issue is resolved.