PT-2006-5368 · Unknown · The Address Book

Published: 2006-12-31 · Updated: 2017-07-20 · CVE-2006-4581

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

The Address Book version 1.04e

Description

The issue concerns an unrestricted file upload vulnerability. It allows remote attackers to upload arbitrary PHP scripts because the software validates the Content-Type header but not the file extension.

Recommendations

For version 1.04e, consider restricting file uploads to only allow specific, necessary file extensions as a temporary workaround until a patch is available. Additionally, validate both the Content-Type header and the file extension to prevent uploading arbitrary scripts.
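
An added example, not code from The Address Book or from this advisory: a PHP upload check that applies the recommendation above by validating the file extension against an allowlist as well as the Content-Type header. The function name, the allowlist and the sample uploads are assumptions constructed for illustration; the check also sniffs the file bytes with PHP's fileinfo extension and picks its own stored file name, which goes beyond what the advisory asks for.

```php
<?php
// Added example with hypothetical names; not The Address Book's code.
// Allowlist (assumed): permitted extension => the only MIME type accepted for it.
const ALLOWED = ['gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg'];

/** Returns a server-chosen name to store the upload under, or null to reject it. */
function vet_upload(string $clientName, string $clientType, string $bytes): ?string
{
    // 1. Extension check: the step the advisory says version 1.04e does not perform.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // 2. The Content-Type header is client-supplied, so it must at least agree
    //    with the allowlisted extension.
    if (strtolower(trim($clientType)) !== ALLOWED[$ext]) {
        return null;
    }
    // 3. Sniff the type from the bytes themselves (requires the fileinfo extension).
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($sniffed !== ALLOWED[$ext]) {
        return null;
    }
    // 4. Do not reuse the client's file name: random name plus the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample data: a minimal 1x1 GIF and a trivial PHP script body.
$gif = hex2bin('47494638396101000100800000000000ffffff21f9040100000000'
             . '2c0000000001000100000202440100' . '3b');
$script = '<?php echo 1; ?>';

// Constructed uploads: [file name, Content-Type header, body].
$samples = [
    ['photo.gif', 'image/gif', $gif],     // image bytes, image header, image extension
    ['photo.php', 'image/gif', $script],  // the advisory's case: image header, .php extension
    ['photo.php', 'image/gif', $gif],     // image bytes under a .php extension
    ['photo.gif', 'image/gif', $script],  // script bytes under an image extension
    ['photo.gif', 'text/plain', $gif],    // header disagrees with the extension
];

foreach ($samples as [$name, $type, $body]) {
    $stored = vet_upload($name, $type, $body);
    printf("%-10s %-11s %s\n", $name, $type, $stored === null ? 'rejected' : "stored as $stored");
}
```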

Fix

Related identifiers

CVE-2006-4581

Affected products

The Address Book