CVE-2007-5734

Name of the Vulnerable Software and Affected Versions eFileMan versions 7.1.0.87 through 7.1.0.88

Description The issue allows remote attackers to upload arbitrary files. This is achieved by accessing the "upload.cgi" endpoint from "upload.html" with unspecified vectors, resulting in files being uploaded to the "uploads/upload file." destination.

Recommendations For versions 7.1.0.87 and 7.1.0.88, consider restricting access to the "upload.cgi" endpoint until a patch is available. As a temporary workaround, restrict the ability to upload files to the "uploads/upload file." destination to minimize the risk of exploitation.