CVE-2008-6900

Name of the Vulnerable Software and Affected Versions: AvailScript Article Script (affected versions not specified)

Description: The issue concerns an unrestricted file upload vulnerability in the "Add Pen/Author Name" feature, located in the addpen.php file. This vulnerability allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and then accessing it directly via a request to the file in the photos/ directory.

Recommendations: For AvailScript Article Script, restrict access to the "Add Pen/Author Name" feature in addpen.php to prevent unauthorized file uploads. As a temporary workaround, consider disabling the execution of files in the photos/ directory until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.