CVE-2007-1235

Name of the Vulnerable Software and Affected Versions sitex (affected versions not specified)

Description The issue concerns an unrestricted file upload vulnerability. Remote attackers can upload arbitrary PHP code by using an avatar filename with a double extension, such as .php.jpg. This filename fails verification and is saved as a .php file, allowing potential execution of malicious code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.