PT-2006-3389 · Dubanner · Dubanner

Dj_Remix_20 · Published 2006-05-17 · Updated 2024-01-26 · CVE-2006-2428

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: DUbanner version 3.1

Description: The issue allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, to the add.asp endpoint, probably due to client-side enforcement that can be bypassed.

Recommendations: For version 3.1, consider restricting access to the add.asp endpoint to prevent arbitrary file uploads until a patch is available. As a temporary workaround, limit the types of file extensions that can be uploaded to prevent potential code execution.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2006-2428

Affected Products: Dubanner