CVE-2010-0366

Name of the Vulnerable Software and Affected Versions Bits Video Script versions 2.04 through 2.05 Gold Beta

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to certain API endpoints, specifically through the files register.php and addvideo.php, and then accessing the uploaded file directly.

Recommendations For versions 2.04 through 2.05 Gold Beta, consider disabling the file upload functionality in register.php and addvideo.php until a patch is available to prevent remote code execution. Restrict access to the directories where uploaded files are stored to minimize the risk of exploitation. Avoid using executable file extensions for uploads in the affected API endpoints until the issue is resolved.