PT-2009-2545 · Kalptaru Infotech · Star Articles

Zorlu · Published 2009-08-25 · Updated 2017-09-29 · CVE-2008-7076

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Kalptaru Infotech Ltd. Star Articles version 6.0

Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/. This is due to an unrestricted file upload vulnerability in user.modify.profile.php.

Recommendations: For Kalptaru Infotech Ltd. Star Articles version 6.0, restrict the types of files that can be uploaded as profile photos to prevent the execution of arbitrary code. As a temporary workaround, consider disabling the file upload feature in user.modify.profile.php until a proper fix is implemented.
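The recommendation above (restricting what a profile photo upload may contain), as an added example that is not Star Articles' own code: a hardened PHP upload handler that allow-lists image types by inspecting the file content, ignores the client-supplied file name and extension entirely, and stores the photo under a server-chosen name. The function name, the `photo` form field and the `authorphoto/` target path are assumptions.

```php
<?php
// Added example (not Star Articles code): hardened profile photo upload.
// Assumptions: the form field is named "photo" and photos live in authorphoto/.

const PHOTO_DIR = __DIR__ . '/authorphoto';
const MAX_BYTES = 2 * 1024 * 1024;
// Detected MIME type => extension the server will assign.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validate an uploaded profile photo and move it into PHOTO_DIR.
 * Returns the stored file name, or throws on any validation failure.
 * The client-supplied name and extension are never used: the stored name
 * is random and its extension is derived from the detected MIME type, so
 * an uploaded "photo.php" can never land on disk with a .php extension.
 */
function store_profile_photo(array $file, int $userId): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Detect the type from the bytes, not from $file['name'] or $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }
    // getimagesize() rejects files that merely carry an image magic header.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image');
    }
    // Server-chosen name: user id, random token, allow-listed extension.
    $name = sprintf('%d_%s.%s', $userId, bin2hex(random_bytes(8)), ALLOWED[$mime]);
    $dest = PHOTO_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store photo');
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $name;
}

// Usage from the profile form handler (assumed field name "photo"):
// $stored = store_profile_photo($_FILES['photo'], $currentUserId);
```

Pair the handler with a web-server rule that disables script execution inside authorphoto/ (for Apache with mod_php, `php_flag engine off` in that directory's .htaccess), so that a future validation bypass still cannot turn a direct request into code execution.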

Related Identifiers: CVE-2008-7076

Affected Products: Star Articles