PT-2007-1608 · Uber · Uber Uploader

Published: 2007-01-09 · Updated: 2018-10-16 · CVE-2007-0123

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Uber Uploader version 4.2

Description

The issue allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension. That extension bypasses the .php extension check, yet the file is still executable on some server configurations.

Recommendations

For Uber Uploader version 4.2, consider restricting file uploads to specific, necessary file types, and implement additional checks to prevent the execution of uploaded scripts, such as verifying the file extension and validating user input. As a temporary workaround, consider disabling the file upload feature until a patch is available.
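The gap between refusing `.php` and allowing only needed types, as an added example that is not Uber Uploader's code: the denylist function is an assumed reconstruction of the check the description implies, and the function names, allowlist contents and sample file names are hypothetical.

```php
<?php
// Added illustration, not Uber Uploader's code. Function names, the allowlist
// contents and the sample file names are assumptions/constructed.

// Denylist of the kind the description implies: only ".php" is refused.
function denylist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return $ext !== 'php';
}

// Allowlist: accept only extensions the application actually needs.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

function allowlist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo(basename($name), PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true);
}

// Store under a server-generated name so the client never chooses the name
// on disk. Call only after allowlist_accepts() returned true.
function stored_name(string $name): string
{
    $ext = strtolower(pathinfo(basename($name), PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
$samples = ['photo.jpg', 'notes.TXT', 'page.php', 'page.phtml', 'page.PHTML', 'archive'];

printf("%-12s %-9s %-9s %s\n", 'name', 'denylist', 'allowlist', 'stored as');
foreach ($samples as $name) {
    $ok = allowlist_accepts($name);
    printf(
        "%-12s %-9s %-9s %s\n",
        $name,
        denylist_accepts($name) ? 'accept' : 'reject',
        $ok ? 'accept' : 'reject',
        $ok ? stored_name($name) : '-'
    );
}
```

The denylist column accepts both `.phtml` names and the extensionless one, while the allowlist column rejects them. The extension check complements, and does not replace, configuring the upload directory so the server never executes files stored there.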

Fix


Related identifiers

CVE-2007-0123

Affected products

Uber Uploader