CVE-2005-4422

Name of the Vulnerable Software and Affected Versions toendaCMS versions prior to 0.6.2 Stable

Description The issue allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in data/images/albums.

Recommendations For versions prior to 0.6.2 Stable, update to version 0.6.2 Stable or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only approved extensions and disabling direct access to files in the data/images/albums directory until a patch is applied.