CVE-2008-6920

Name of the Vulnerable Software and Affected Versions: phpEmployment version 1.8

Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/. This is due to an unrestricted file upload vulnerability in auth.php.

Recommendations: For phpEmployment version 1.8, restrict file uploads to only allow non-executable extensions to prevent arbitrary code execution. As a temporary workaround, consider restricting access to the photoes/ directory to minimize the risk of exploitation.