CVE-2008-6914

Name of the Vulnerable Software and Affected Versions: Zeeways ZEEPROPERTY version 1.0

Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification. This is done by accessing a related file via a direct request to the file in companylogo/.

Recommendations: For Zeeways ZEEPROPERTY version 1.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the companylogo/ directory to minimize the risk of exploitation. Avoid using the file upload feature in viewprofile.php until the issue is resolved.