CVE-2015-1587

Name of the Vulnerable Software and Affected Versions Maarch LetterBox versions 2.8 and earlier GEC/GED versions 1.4 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. This is due to an unrestricted file upload vulnerability in the file to index.php file.

Recommendations For Maarch LetterBox versions 2.8 and earlier, update to a version later than 2.8 to resolve the issue. For GEC/GED versions 1.4 and earlier, update to a version later than 1.4 to resolve the issue. As a temporary workaround, consider restricting access to the file to index.php file to minimize the risk of exploitation.