PT-2008-2423 · Phpizabi · Phpizabi

Zorlu · Published 2008-02-18 · Updated 2017-09-29 · CVE-2008-0805

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PHPizabi version 0.848b C1 HFP1

Description

The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures. This is due to an unrestricted file upload vulnerability in the image.php file.

Recommendations

For PHPizabi version 0.848b C1 HFP1, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the system/cache/pictures directory to minimize the risk of exploitation. Avoid using the image.php file for uploading files until the issue is resolved.
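
One way to apply the extension restriction from the recommendations in PHP, shown as an added example that is not PHPizabi's code or a vendor patch. The function names, the allowed image types and the size limit are assumptions; only the system/cache/pictures directory comes from the advisory.

```php
<?php
// Added example, not PHPizabi code. Function names, allowed types and the size
// limit are hypothetical; system/cache/pictures is the directory named in the advisory.
const ALLOWED_IMAGES = [                 // detected image type => extension we assign
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
const MAX_BYTES = 2 * 1024 * 1024;       // assumed upload limit

// Returns the name to store the upload under, or null to reject it.
function safe_picture_name(string $tmpPath, string $clientName): ?string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > MAX_BYTES) {
        return null;
    }
    // Content check: the file must parse as an image of an allowed type.
    $info = @getimagesize($tmpPath);
    if ($info === false || !array_key_exists($info[2], ALLOWED_IMAGES)) {
        return null;
    }
    // Extension allowlist on the final extension of the client-supplied name.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Server-generated name; the extension is derived from the detected type,
    // so nothing from the client name reaches the file system.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGES[$info[2]];
}

function store_event_picture(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = safe_picture_name($file['tmp_name'], $file['name']);
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        return null;
    }
    return $name;
}
```

The image check alone does not prove a file is harmless, since valid image data can carry trailing bytes; the protection comes from the stored name always ending in jpg, png or gif. That holds only if the web server does not hand those extensions in system/cache/pictures to the PHP interpreter.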

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2008-0805

Affected Products

Phpizabi