Ovidentia · Ovidentia · CVE-2022-41573
**Name of the Vulnerable Software and Affected Versions**
Ovidentia version 8.3
**Description**
A problem was discovered in the file upload feature, which does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. The renamed file is then accessible at an "images/common/" URI, resulting in remote code execution.
**Recommendations**
For Ovidentia version 8.3, consider disabling the file upload feature until a patch is available to prevent the uploading of executable files. Restrict access to the "images/common/" directory to minimize the risk of exploitation. Avoid allowing users to rename uploaded files to have executable extensions, such as .php, until the issue is resolved.
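The rename restriction recommended above can be enforced server-side. The sketch below is an added example, not Ovidentia code: the function names, the constant, and the image-only extension allowlist are assumptions made for illustration.

```php
<?php
// Added example, not Ovidentia code; all names here are hypothetical.
// Assumed policy: the upload area only ever holds these image types.
const ALLOWED_IMAGE_EXT = ['png', 'jpg', 'jpeg', 'gif'];

// Returns the sanitized target basename, or null when the rename must be refused.
function safe_rename_target(string $currentPath, string $newName): ?string
{
    // Drop directory components so the file cannot leave the upload directory.
    $base = basename(str_replace('\\', '/', $newName));
    // One dot only: refuses "a.php.png", trailing dots and dotfiles like ".htaccess".
    if (!preg_match('/\A[A-Za-z0-9_-]+\.([A-Za-z0-9]+)\z/', $base, $m)) {
        return null;
    }
    $newExt = strtolower($m[1]);
    $oldExt = strtolower(pathinfo($currentPath, PATHINFO_EXTENSION));
    // Extension must be allowlisted and must not change across the rename.
    if (!in_array($newExt, ALLOWED_IMAGE_EXT, true) || $newExt !== $oldExt) {
        return null;
    }
    return $base;
}

function rename_upload(string $uploadDir, string $currentName, string $newName): bool
{
    $src = rtrim($uploadDir, '/') . '/' . basename($currentName);
    $target = is_file($src) ? safe_rename_target($src, $newName) : null;
    if ($target === null) {
        return false;
    }
    $dst = rtrim($uploadDir, '/') . '/' . $target;
    return !file_exists($dst) && rename($src, $dst);
}

// Constructed demo: a ".png" upload whose content is PHP, as in the description.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/avatar.png", "<?php echo 'constructed sample'; ?>");
foreach (['avatar.php', 'avatar.php.png', '.htaccess', 'profile.png'] as $name) {
    $ok = rename_upload($dir, 'avatar.png', $name);
    printf("%-16s %s\n", $name, $ok ? 'renamed' : 'refused');
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```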