PT-2008-4422 · Benja · Benja Cms

Cwh · Published 2008-07-02 · Updated 2018-10-11 · CVE-2008-2988

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Benja CMS version 0.1

Description: The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to upload and execute arbitrary PHP files. The attack is carried out via unspecified vectors, followed by a direct request to the file in the billeder/ directory.

Recommendations: For Benja CMS version 0.1, restrict access to the admin/upload.php file to prevent unauthorized file uploads. As a temporary workaround, consider disabling the file upload functionality in admin/upload.php until a patch is available.
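
A detection sketch for the pattern in the description, added here as an example and not part of the original advisory: it scans web access logs for requests to script files under billeder/ and records whether the same client earlier POSTed to admin/upload.php. The log lines are constructed, and both the extension list and the choice of admin/upload.php as the upload endpoint (taken from the recommendation above) are assumptions.

```python
import re

# Constructed sample lines in common log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Jul/2008:10:00:01 +0000] "POST /admin/upload.php HTTP/1.1" 200 512
203.0.113.7 - - [02/Jul/2008:10:00:05 +0000] "GET /billeder/x.php?c=1 HTTP/1.1" 200 87
198.51.100.4 - - [02/Jul/2008:10:01:00 +0000] "GET /billeder/photo.jpg HTTP/1.1" 200 40211
198.51.100.9 - - [02/Jul/2008:10:02:00 +0000] "GET /billeder/old.PHP HTTP/1.1" 404 210
"""

# client, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Extensions a PHP handler commonly executes (assumed list; match your server config).
SCRIPT_RE = re.compile(r'\.(php\d?|phtml|phar)$', re.IGNORECASE)


def find_suspicious(log_text):
    """Return one finding per script request under billeder/.

    'uploaded_first' is True when the same client POSTed to
    admin/upload.php earlier in the log (assumed upload endpoint).
    """
    uploaders = set()  # clients seen POSTing to admin/upload.php so far
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if method == "POST" and path.endswith("/admin/upload.php"):
            uploaders.add(client)
        elif "/billeder/" in path and SCRIPT_RE.search(path):
            findings.append({
                "client": client,
                "path": path,
                "status": int(status),
                "uploaded_first": client in uploaders,
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

A 200 response on a script path under billeder/ deserves immediate review; a 404 from a client with no prior upload is more likely probing.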

Exploit

Fix

RCE

Related Identifiers

CVE-2008-2988

Affected Products

Benja Cms