PT-2008-3721 · Unknown · Project-Based Calendaring System

Gold_M · Published 2008-05-14 · Updated 2017-09-29 · CVE-2008-2216

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Project-Based Calendaring System (PBCS) version 0.7.1
Description: The issue concerns an unrestricted file upload vulnerability. This vulnerability is located in the src/yopy upload.php file and allows remote authenticated users to upload arbitrary files to the tmp/uploads directory.
Recommendations: For version 0.7.1, restrict access to the src/yopy upload.php file to prevent unauthorized file uploads until a patch is available. Consider implementing validation and restrictions on uploaded files to minimize the risk of exploitation.

Related Identifiers

CVE-2008-2216

Affected Products

Project-Based Calendaring System