CVE-2007-0147

Name of the Vulnerable Software and Affected Versions Cuyahoga versions prior to 1.0.1

Description The issue arises from an incorrect deny statement in a Web.config file, specifically related to the FCKEditor component. This configuration error allows remote attackers to upload files, despite these privileges being intended only for the Administrator and Editor roles.

Recommendations For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the FCKEditor component to minimize the risk of exploitation.