CVE-2008-6978

Name of the Vulnerable Software and Affected Versions Full Revolution aspWebAlbum version 3.2

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the uploadmedia action in album.asp, and then accessing it via a direct request to the file in the pics/ directory.

Recommendations For Full Revolution aspWebAlbum version 3.2, consider restricting or disabling the uploadmedia action in album.asp to prevent uploading files with executable extensions until a fix is available. Restrict access to the pics/ directory to minimize the risk of exploitation.