PT-2009-2000 · Ezonescripts · Ezonescripts Living Local

Bgh7 · Published 2009-03-26 · Updated 2017-09-29 · CVE-2008-6530

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: eZoneScripts Living Local version 1.1

Description: An unrestricted file upload vulnerability in editimage.php allows remote authenticated administrators to execute arbitrary PHP code. An administrator uploads a file with an executable extension through editimage.php and then triggers it with a direct request to the uploaded file.

Recommendations: For version 1.1, restrict access to the editimage.php file to prevent unauthorized file uploads, and implement validation so that only files with specific, non-executable extensions can be uploaded. As a temporary workaround, disable the file upload functionality in editimage.php until a more comprehensive fix is available.
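The kind of upload validation the recommendation calls for, shown as an added PHP example (not code from eZoneScripts or from editimage.php); the function name, the constant and the upload directory are assumptions. It derives the stored extension from the sniffed content type rather than the client-supplied filename, so an executable extension never reaches disk.

```php
<?php
// Added example: allowlist-based validation for an image upload handler.
// Not code from Living Local / editimage.php; names and paths are assumptions.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded file and return the stored filename, or throw.
 * The extension comes from the detected MIME type, never from the client,
 * so a client name such as "x.php", "x.phtml" or "x.php.jpg" is irrelevant.
 */
function acceptImageUpload(array $file, string $uploadDir): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Sniff the actual content; $file['type'] is attacker-controlled and ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted');
    }
    // Server-chosen random name: no user-controlled extension or path component.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // plain data, never executable
    return $name;
}

// Usage in the upload handler (assumed path). Keep the page admin-only and
// point $uploadDir at a directory where the web server does not execute PHP.
// $stored = acceptImageUpload($_FILES['image'], '/var/www/uploads');
```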


Related Identifiers

CVE-2008-6530

Affected Products

Ezonescripts Living Local