PT-2009-4687 · Dmxready · Dmxready Registration Manager

Published: 2009-06-27 · Updated: 2018-10-10 · CVE-2009-2238

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

DMXReady Registration Manager version 1.1

Description

The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the assetmanager.asp script in the includes/shared scripts/wysiwyg editor/assetmanager directory, and then accessing the uploaded file directly. This is possible due to an unrestricted file upload vulnerability.

Recommendations

For DMXReady Registration Manager version 1.1, restrict access to the assetmanager.asp script to prevent unauthorized file uploads, and consider implementing validation to only allow uploading of files with specific, non-executable extensions. As a temporary workaround, consider disabling the assetmanager.asp script until a patch is available.


Related Identifiers

CVE-2009-2238

Affected Products

Dmxready Registration Manager