PT-2008-4537 · Phpmotion · Phpmotion

Egix · Published 2008-07-10 · Updated 2017-09-29 · CVE-2008-3117

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHPmotion versions 2.0 and earlier
Description: The issue allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of image/gif, image/jpeg, or image/pjpeg, then accessing it via a direct request to the file under pictures/.
Recommendations: For PHPmotion versions 2.0 and earlier, restrict access to update_profile.php to prevent unauthorized file uploads, and consider validating the content type of uploaded files to prevent malicious code execution. As a temporary workaround, consider disabling the file upload functionality in update_profile.php until a proper fix is available.
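
The validation recommended above, sketched as an added example (this is not PHPmotion's code; the function name, allowlist and destination directory are hypothetical). It ignores the client-supplied content type that the vulnerable check relied on, inspects the file contents instead, and assigns the stored name and extension on the server.

```php
<?php
// Added example, not PHPmotion code. store_profile_picture() and the
// directory passed to it are hypothetical names.

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_profile_picture(array $upload, string $destDir): string
{
    // MIME type detected from the file contents => extension we assign.
    $allowed = [
        'image/gif'  => 'gif',
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
    ];

    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // $upload['type'] is the Content-Type sent by the client. It is fully
    // attacker-controlled, so it plays no part in the decision.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($upload['tmp_name']);
    $ext   = is_string($mime) ? ($allowed[$mime] ?? null) : null;

    // Require both a known image type and a parseable image header.
    if ($ext === null || getimagesize($upload['tmp_name']) === false) {
        throw new RuntimeException('not an accepted image');
    }

    // Never reuse the client's file name or extension: a ".php" suffix is
    // what makes the stored file executable on a direct request.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($upload['tmp_name'], $destDir . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

Content inspection alone does not rule out a file that is both a valid image and contains PHP, so the server-assigned extension is the control that matters here. The upload directory should also be configured so the web server does not execute scripts from it.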

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-3117

Affected Products

Phpmotion