CVE-2008-6619

Name of the Vulnerable Software and Affected Versions ClassSystem version 2.3

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the class/ApplyDB.php file, and then accessing it via a direct request to the file in class/UploadHomepage/. This is due to an unrestricted file upload vulnerability.

Recommendations For ClassSystem version 2.3, consider restricting or disabling the file upload functionality in class/ApplyDB.php until a proper fix is applied, and avoid accessing uploaded files directly via class/UploadHomepage/ to minimize the risk of exploitation.