CVE-2011-5077

Name of the Vulnerable Software and Affected Versions HDWiki version 5.0

Description The issue concerns an unrestricted file upload vulnerability in the attachment.php file. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in the image directory.

Recommendations For HDWiki version 5.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the attachment.php file to minimize the risk of exploitation. Avoid using the attachment.php file for uploading files until the issue is resolved.