PT-2007-2407 · Artisan Ui · Jupiter Cms

Darkfig · Published 2007-02-16 · Updated 2018-10-16 · CVE-2007-0972

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Jupiter CMS version 1.1.5
Description: Unrestricted file upload vulnerability. Remote attackers can upload arbitrary files by modifying the HTTP request, specifically by sending an image content type and omitting certain parameters, such as is_guest and is_user.
Recommendations: For Jupiter CMS version 1.1.5, consider restricting access to the modules/emoticons.php file to prevent arbitrary file uploads until a patch is available. As a temporary workaround, change the HTTP request handling so that it validates and enforces the presence of required parameters, such as is_guest and is_user, and properly checks the content type of uploaded files.
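
One way to apply the recommendation above, shown as an added example that is not Jupiter CMS code: the upload is authorized from server-side session state rather than from request parameters, and the file type is taken from the file's bytes rather than from the client-declared content type. The form field name `emoticon`, the session key `is_user` and the `uploads/` directory are assumptions made for illustration.

```php
<?php
// Added example, not Jupiter CMS code. The field name "emoticon", the session
// key "is_user" and the uploads/ directory are hypothetical.
declare(strict_types=1);

const ALLOWED_TYPES = ['image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg'];
const MAX_BYTES = 65536;

/**
 * Validate one $_FILES entry and return a server-chosen file name, or throw.
 * $isUser must come from server-side session state, never from request
 * parameters, so leaving a parameter out of the request cannot change it.
 */
function validate_upload(array $file, bool $isUser): string
{
    if (!$isUser) {
        throw new RuntimeException('authentication required');
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'] ?? '')) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // $file['type'] is the client-declared Content-Type: ignore it, sniff the bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image');
    }
    // Name and extension are chosen by the server, so the stored file never
    // carries a client-supplied name or a script extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    session_start();
    try {
        $isUser = ($_SESSION['is_user'] ?? false) === true;
        $name = validate_upload($_FILES['emoticon'] ?? [], $isUser);
        move_uploaded_file($_FILES['emoticon']['tmp_name'], __DIR__ . '/uploads/' . $name);
        http_response_code(201);
    } catch (RuntimeException $e) {
        http_response_code(400);
    }
}
```

The upload directory should additionally be configured so the web server does not execute scripts from it.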


Related identifiers

CVE-2007-0972

Affected products

Jupiter Cms