CVE-2006-6338

Name of the Vulnerable Software and Affected Versions deV!L`z Clanportal (DZCP) versions prior to 1.3.6.1

Description The issue allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to the inc/images/uploads/userpics/ directory. This is due to an unrestricted file upload vulnerability in the upload/index.php file.

Recommendations For versions prior to 1.3.6.1, update to version 1.3.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the upload/index.php file and the inc/images/uploads/userpics/ directory to minimize the risk of exploitation. Avoid allowing users to upload files with embedded PHP code until the issue is resolved.