CVE-2006-2633

Name of the Vulnerable Software and Affected Versions ByteHoard versions 2.1 and earlier

Description The issue allows remote authenticated users to create or overwrite files in other users' directories. This is achieved by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter in the copy action in index.php.

Recommendations For ByteHoard versions 2.1 and earlier, as a temporary workaround, consider restricting access to the copy action in index.php until a patch is available. Avoid using the infolder and filepath parameters in the copy action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.