PT-2008-1639 · Uber · Uber Uploader

Published: 2008-01-08 · Updated: 2018-10-15 · CVE-2007-6676

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Uber Uploader versions 5.3.6 and earlier

Description

The default configuration of Uber Uploader does not block uploads of potentially dangerous file extensions, such as .html and .asp. This allows remote attackers to upload these files via API endpoints like "uu file upload.php" and "uber uploader file.php", which are related to "uu file upload.js" and "uber uploader file.js", respectively.

Recommendations

For Uber Uploader versions 5.3.6 and earlier, consider adding restrictions to block uploads of potentially dangerous file extensions, such as .html and .asp, to prevent remote attackers from exploiting this issue. As a temporary workaround, restrict access to the "uu file upload.php" and "uber uploader file.php" API endpoints until a more permanent solution is implemented.
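
One way to enforce the extension restriction on the server side is sketched below as an added example; it is not Uber Uploader code. It uses an allowlist instead of the blocklist the recommendation describes, so unlisted types such as .html and .asp are rejected by default. The function names, the allowlist contents and the sample file names are assumptions.

```php
<?php
// Added example, not Uber Uploader code. Allowlist and function names are assumptions.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt', 'zip'];

/** Returns the lower-cased extension if the client-supplied name is acceptable, null otherwise. */
function allowed_upload_extension(string $clientName): ?string
{
    // Control characters (including NUL) have no place in an upload name.
    if (preg_match('/[\x00-\x1f\x7f]/', $clientName)) {
        return null;
    }
    // Keep only the last path component, treating "\" like "/".
    $base = basename(str_replace('\\', '/', $clientName));
    // Windows strips trailing dots and spaces, so "page.asp." would be stored as "page.asp".
    if ($base === '' || $base !== rtrim($base, '. ')) {
        return null;
    }
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension at all, or a dotfile such as ".htaccess"
    }
    array_shift($parts); // drop the stem, keep every extension segment
    // Deliberately strict: every segment must be allowlisted, so "x.asp.jpg" is rejected
    // (some servers map handlers on inner extensions). "notes.v2.txt" is rejected too.
    foreach ($parts as $segment) {
        if (!in_array($segment, ALLOWED_EXTENSIONS, true)) {
            return null;
        }
    }
    return end($parts);
}

/** Server-chosen storage name: random stem plus the validated extension, or null to reject. */
function stored_name_for(string $clientName): ?string
{
    $ext = allowed_upload_extension($clientName);
    return $ext === null ? null : bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the .html and .asp cases from the description.
$samples = ['photo.JPG', 'notes.txt', 'page.html', 'shell.asp', 'x.asp.jpg', 'page.asp.', '.htaccess'];
foreach ($samples as $name) {
    printf("%-12s %s\n", $name, stored_name_for($name) ?? 'REJECTED');
}
```

Only the first two sample names are accepted. Storing accepted files under the generated name, in a directory the web server serves as static content only, keeps the client-supplied name out of the file system.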

Related Identifiers

CVE-2007-6676

Affected Products

Uber Uploader