CVE-2007-1097

Name of the Vulnerable Software and Affected Versions Wiclear versions prior to 0.11.1

Description The issue is related to an unrestricted file upload vulnerability in the onAttachFiles function within the upload tool, specifically in the inc/lib/attachment.lib.php file. This vulnerability allows remote attackers to upload and execute arbitrary PHP code, leveraging unspecified vectors related to filename validation.

Recommendations For versions prior to 0.11.1, update to version 0.11.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the upload tool or disabling the onAttachFiles function until a patch is applied. Avoid using the upload tool with unvalidated filenames to minimize the risk of exploitation.