CVE-2008-2267

Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions 1.2.4 and earlier

Description: The issue allows remote attackers to execute arbitrary code by uploading a file with a name ending in certain extensions, such as .jsp, .php3, .cgi, .dhtml, .phtml, .php5, or .jar, and then accessing it via a direct request to the file in modules/FileManager/postlet/.

Recommendations: For CMS Made Simple versions 1.2.4 and earlier, update to a version later than 1.2.4 to resolve the issue. As a temporary workaround, consider restricting access to the javaUpload.php file in the FileManager module to minimize the risk of exploitation. Avoid using the vulnerable file extensions in the affected module until the issue is resolved.