CVE-2009-4451

Name of the Vulnerable Software and Affected Versions kandalf upper version 0.1

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the fileup/ directory, then accessing it via a direct request. This is due to an unrestricted file upload vulnerability in the upper.php file.

Recommendations For version 0.1, restrict access to the fileup/ directory to prevent direct requests to uploaded files, and consider implementing file type validation to prevent uploading files with executable extensions. As a temporary workaround, consider disabling the file upload functionality in upper.php until a more comprehensive fix is available.