CVE-2007-1255

Name of the Vulnerable Software and Affected Versions Connectix Boards versions 0.7 and earlier

Description The issue allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to "admin.php". This can be later accessed via a direct request for the file in "smileys/". It can also be leveraged with a separate SQL injection issue for remote unauthenticated attacks.

Recommendations For Connectix Boards versions 0.7 and earlier, restrict access to the admin.php endpoint and the uploadimage parameter to prevent exploitation until a fix is available. As a temporary workaround, consider disabling the image upload functionality in admin.bbcode.php to minimize the risk of arbitrary PHP code execution.