CVE-2014-5298

Name of the Vulnerable Software and Affected Versions X2Engine versions 4.1.7 and earlier

Description The issue allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters. This is possible when running on case-insensitive file systems.

Recommendations For X2Engine versions 4.1.7 and earlier, consider implementing case-insensitive checks for executable extensions in the FileUploadsFilter.php to prevent bypassing the upload blacklist. As a temporary workaround, restrict access to file uploads until a proper fix is applied.