PT-2014-2879 · Socialengine · Socialengine Timeline Plugin
Credited: Spyk2R, +1
Published: 2014-01-29
Updated: 2014-02-21
CVE-2013-4898
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SocialEngine Timeline Plugin version 4.2.5p9
Description
The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the user profile page feature, and then accessing it via a direct request to the file in public/temporary/timeline/.

Recommendations
For SocialEngine Timeline Plugin version 4.2.5p9, consider restricting file uploads to only allowed extensions as a temporary workaround until a patch is available. Restrict access to the public/temporary/timeline/ directory to minimize the risk of exploitation.

Exploit
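The first recommendation, an extension allowlist on the upload path, is easy to get subtly wrong: a denylist of "php" alone misses alternate interpreter extensions, case variants, double extensions and names with path or control characters. The following is an added example written for this advisory, not code from SocialEngine or its Timeline plugin; the function names, the allowlist contents and the sample filenames are assumptions chosen to illustrate the check. It validates a client-supplied name, rejects any segment that a web server might hand to an interpreter, and generates a server-chosen storage name so the original filename never reaches disk.

```python
import re
import secrets

# Hypothetical allowlist for a profile/timeline image upload endpoint.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Extensions that common web servers may route to an interpreter. Any
# occurrence anywhere in the name is rejected, which covers "a.php.jpg"-style
# names under multi-extension handling (e.g. Apache mod_mime).
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "cgi", "pl", "py", "sh", "asp", "aspx", "jsp", "htaccess",
}

# Only plain ASCII letters, digits, dot, underscore and hyphen in a name.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")


def is_allowed_upload(filename: str) -> bool:
    """Return True only if the name is safe to store under a web-served directory."""
    # Control characters (including NUL) are rejected first: a NUL can truncate
    # the name in lower-level code and silently change the effective extension.
    if any(ord(c) < 32 or ord(c) == 127 for c in filename):
        return False
    # Consider only the final path component; directory parts are never trusted.
    name = filename.replace("\\", "/").split("/")[-1]
    if not _SAFE_NAME.match(name):
        return False
    parts = name.lower().split(".")
    # Require a non-empty basename plus at least one extension (no dotfiles).
    if len(parts) < 2 or parts[0] == "":
        return False
    extensions = parts[1:]
    # Every dotted segment is inspected, not just the last one.
    if any(ext in EXECUTABLE_EXTENSIONS for ext in extensions):
        return False
    # The effective (last) extension must be explicitly allowlisted.
    return extensions[-1] in ALLOWED_EXTENSIONS


def safe_storage_name(filename: str) -> str:
    """Return a server-generated name (random hex + validated extension).

    Raises ValueError when the client-supplied name does not pass the allowlist.
    """
    if not is_allowed_upload(filename):
        raise ValueError("upload rejected: extension not allowed")
    extension = filename.lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(16)}.{extension}"


if __name__ == "__main__":
    # Constructed sample filenames to exercise the check.
    for sample in ["avatar.jpg", "Avatar.PNG", "shell.php", "shell.php.jpg",
                   "shell.jpg.php", "shell.phtml", "../../shell.php",
                   "photo.jpg\x00.php", ".htaccess", "photo"]:
        print(f"{sample!r:24} allowed={is_allowed_upload(sample)}")
```

The allowlist check is only half of the workaround: the second recommendation, denying direct access to (or script execution in) public/temporary/timeline/, belongs in the web server configuration and should be applied alongside this validation, since a name check cannot protect files already present in that directory.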
Fix
Related Identifiers
Affected Products
Socialengine Timeline Plugin