This can only be exploited by a user that has 'create products' permission.
Upgrade to version 4.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Vendor Specific Advisory URL
Secunia Advisory ID:21604
FrSIRT Advisory: ADV-2006-3364
Bugtraq ID: 19675