CVE-2008-6918

Name of the Vulnerable Software and Affected Versions: ThePortal2 version 2.2

Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension to admin/galeria.php, and then accessing it via a direct request to the file in galeria/. This is due to an unrestricted file upload vulnerability.

Recommendations: For version 2.2, restrict file uploads in admin/galeria.php to only allow non-executable file extensions, and consider implementing additional validation and sanitization for uploaded files to prevent arbitrary PHP code execution. As a temporary workaround, consider disabling the file upload functionality in admin/galeria.php until a more comprehensive fix is available.