PT-2008-1631 · Myspace · Myspace Content Zone

Breaker_Unit +1 · Published 2008-01-08 · Updated 2017-10-19 · CVE-2007-6668

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MySpace Content Zone (MCZ) version 3.x

Description

The admin/uploadgames.php file does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads. Attackers can upload malicious files, such as .php files or files with names like .php%00.jpeg, to potentially execute arbitrary code.

Recommendations

For MySpace Content Zone (MCZ) version 3.x, restrict access to admin/uploadgames.php so that it requires administrative privileges, and validate all file uploads to prevent malicious files from being uploaded. As a temporary workaround, consider disabling the file upload functionality in admin/uploadgames.php until a proper fix is implemented.
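
The two recommended controls, shown as an added PHP example (not MCZ's own code and not a vendor fix): an authorization gate before any upload handling, and filename validation that rejects names such as .php%00.jpeg. The session key, form field name, storage path and allowed extension list are assumptions made for illustration.

```php
<?php
// Added example; not MCZ's own code. Hypothetical names: $_SESSION['is_admin'],
// the form field "game", UPLOAD_DIR, and the allowed extension list.

const ALLOWED_EXT = ['swf'];                   // assumption: only Flash game files are accepted
const UPLOAD_DIR  = '/var/www/mcz-data/games'; // assumption: directory where PHP is never executed

/** Return the validated extension, or null when the client-supplied name is rejected. */
function checked_extension(string $clientName): ?string
{
    // Reject raw or URL-encoded NUL bytes (".php%00.jpeg") and other control characters.
    if (preg_match('/[\x00-\x1f]|%00/i', $clientName)) {
        return null;
    }
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));
    // Require exactly "name.ext" so double extensions like "x.php.jpeg" are refused.
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    return in_array($parts[1], ALLOWED_EXT, true) ? $parts[1] : null;
}

function handle_upload(): int
{
    session_start();
    // 1. Authorization comes first: the missing privilege check is the root cause.
    if (empty($_SESSION['is_admin'])) {
        return 403;
    }
    $f = $_FILES['game'] ?? null;
    if (!is_array($f) || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        return 400;
    }
    $ext = checked_extension($f['name']);
    if ($ext === null) {
        return 400;
    }
    // 2. Never reuse the client's filename; store under a server-generated one.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($f['tmp_name'], $dest) ? 201 : 500;
}

http_response_code(handle_upload());
```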

Related Identifiers

CVE-2007-6668

Affected Products

Myspace Content Zone