CVE-2003-1552

Name of the Vulnerable Software and Affected Versions Uploader version 1.1

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the uploader.php script, and then accessing it via a direct request to the file in the uploads/ directory.

Recommendations For version 1.1, consider restricting the types of files that can be uploaded through the uploader.php script to prevent the execution of arbitrary code, or apply additional validation to ensure only authorized file types are uploaded. As a temporary workaround, consider disabling the uploader.php script until a more secure version is available.