CVE-2008-1958

Name of the Vulnerable Software and Affected Versions Tr Script News version 2.1

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension, due to an unrestricted file upload vulnerability in the ajout cat mode in admin/main.php.

Recommendations For Tr Script News version 2.1, consider restricting file uploads to only allowed extensions and validating user input to prevent arbitrary code execution. As a temporary workaround, restrict access to the admin/main.php file to minimize the risk of exploitation.