CVE-2008-1495

Name of the Vulnerable Software and Affected Versions PEEL versions 3.x and earlier

Description The issue allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action. This can be achieved by modifying the content type, for example, to image/gif or application/pdf.

Recommendations For versions 3.x and earlier, consider restricting access to the administrer/produits.php file to prevent arbitrary PHP file uploads until a fix is available. As a temporary workaround, restrict the ajout action to authorized users only.