CVE-2008-7167

Name of the Vulnerable Software and Affected Versions Page Manager version 2006-02-04

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the upload.php file, and then accessing it via a direct request.

Recommendations For Page Manager version 2006-02-04, consider restricting access to the upload.php file to prevent unauthorized file uploads until a fix is available. As a temporary workaround, restrict the types of files that can be uploaded to prevent executable files from being uploaded.