CVE-2007-0764

Name of the Vulnerable Software and Affected Versions F3Site versions 2.1 and earlier

Description The issue allows remote authenticated administrators to upload and execute arbitrary PHP scripts. This can be achieved by using a GIF86 header in a file in the uplf parameter, which can later be accessed via a relative pathname in the dir parameter in "adm.php".

Recommendations For F3Site versions 2.1 and earlier, restrict access to the file upload functionality to prevent remote authenticated administrators from uploading arbitrary PHP scripts. As a temporary workaround, consider disabling the file upload feature in adm.php until a patch is available. Avoid using the uplf parameter in adm.php to upload files until the issue is resolved.