CVE-2009-3173

Name of the Vulnerable Software and Affected Versions The Rat CMS Alpha 2

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the admin/add album.php endpoint, and then accessing it via a direct request to the file in images/.

Recommendations For The Rat CMS Alpha 2, restrict access to the admin/add album.php endpoint to prevent unauthorized file uploads, and remove any executable files from the images/ directory. As a temporary workaround, consider disabling the file upload functionality in admin/add album.php until a patch is available.