CVE-2008-3592

Name of the Vulnerable Software and Affected Versions Twentyone Degrees Symphony versions 1.7.01 and earlier

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a specified directory, then accessing the uploaded file via a direct request. This can be achieved by exploiting the unrestricted file upload vulnerability in the File Manager in the admin panel.

Recommendations For versions 1.7.01 and earlier, restrict access to the File Manager in the admin panel to prevent unauthorized file uploads. As a temporary workaround, consider disabling the file upload functionality until a fix is available. Avoid using the destination parameter in the affected API endpoint until the issue is resolved.