PT-2008-4655 · Phpizabi · Phpizabi

Inphex · Published 2008-07-21 · Updated 2017-09-29 · CVE-2008-3239

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: PHPizabi version 0.848b C1 HFP1
Description: Unrestricted file upload (in effect an arbitrary file write) in the writeLogEntry function in system/v_cron_proc.php. The function takes the name of the log file from CONF[CRON_LOGFILE] and the text it writes from CONF[LOCALE_LONG_DATE_TIME]. When register_globals is enabled, a remote attacker can supply both values as request parameters, so a file with a chosen name (for example a .php file under the web root) is written with chosen contents and can then be requested to execute arbitrary code. The issue is only exploitable on installations that run with register_globals enabled.
Recommendations: For PHPizabi version 0.848b C1 HFP1, disable register_globals in the PHP configuration; this removes the attacker's way of setting the CONF entries and is the primary mitigation. Until a patched release is available, also restrict access to system/v_cron_proc.php (and therefore to writeLogEntry) so that it cannot be requested from the web, and make sure CONF[CRON_LOGFILE] and CONF[LOCALE_LONG_DATE_TIME] are set only from the application's own configuration, never from request data.
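The vulnerable pattern and a hardened replacement, written here as an added illustration rather than PHPizabi's own code. The advisory names only the writeLogEntry function, the CONF array and its CRON_LOGFILE and LOCALE_LONG_DATE_TIME keys; the function bodies, the log directory, the example request and the mitigation directives below are assumptions made for this example:

```php
<?php
// Added example, not PHPizabi's own code: a sketch of the write-a-log-line
// pattern the advisory describes, next to a hardened version. Only the names
// writeLogEntry, CONF, CRON_LOGFILE and LOCALE_LONG_DATE_TIME come from the
// advisory; every other name, path and directive here is an assumption.

// ---- Vulnerable shape -------------------------------------------------------
// With register_globals=On, PHP turns request parameters into globals before
// the script runs, so a request of the form (URL-encoded PHP tag in the value)
//   v_cron_proc.php?CONF[CRON_LOGFILE]=x.php&CONF[LOCALE_LONG_DATE_TIME]=%3C%3Fphp...
// pre-populates $CONF['CRON_LOGFILE'] and $CONF['LOCALE_LONG_DATE_TIME'] if
// the script never assigns them itself. The attacker then controls both the
// destination path and the bytes appended to it; a .php name under the web
// root becomes executable code on the next request.
function writeLogEntry_vulnerable($message)
{
    global $CONF;
    $line = $CONF['LOCALE_LONG_DATE_TIME'] . ' ' . $message . "\n";
    $fp = fopen($CONF['CRON_LOGFILE'], 'a');   // path taken from a global
    fwrite($fp, $line);                        // contents taken from a global
    fclose($fp);
}

// ---- Hardened shape ---------------------------------------------------------
// 1. Do not read $CONF from the global scope; pass in the array loaded from
//    the application's own config file, so request parameters cannot seed it.
// 2. Pin the log file to a fixed directory outside the web root and accept
//    only a plain *.log basename from configuration.
// 3. Use the locale value as a date() format string, never as raw file bytes.
define('CRON_LOG_DIR', '/var/log/phpizabi');   // assumed location, outside htdocs

function writeLogEntry_hardened($message, array $conf)
{
    $name = isset($conf['CRON_LOGFILE']) ? basename($conf['CRON_LOGFILE']) : 'cron.log';
    if (!preg_match('/^[A-Za-z0-9._-]+\.log$/', $name)) {
        throw new RuntimeException('refusing unexpected log file name: ' . $name);
    }
    $format = isset($conf['LOCALE_LONG_DATE_TIME'])
        ? $conf['LOCALE_LONG_DATE_TIME']
        : 'Y-m-d H:i:s';
    // strip CR/LF so a caller cannot forge additional log lines
    $line = date($format) . ' ' . str_replace(array("\r", "\n"), ' ', $message) . "\n";
    $path = CRON_LOG_DIR . '/' . $name;
    if (file_put_contents($path, $line, FILE_APPEND | LOCK_EX) === false) {
        throw new RuntimeException('cannot append to ' . $path);
    }
}

// ---- Deployment-side mitigations from the recommendations -------------------
// Turn register_globals off (assumed deployment, PHP < 5.4 with mod_php):
//   register_globals = Off           (php.ini)
//   php_flag register_globals off    (.htaccess)
// and, until a patched release is installed, block direct web requests to the
// cron script (Apache 2.2 syntax; assumes the cron job runs it from the CLI):
//   <Files "v_cron_proc.php">
//       Order deny,allow
//       Deny from all
//   </Files>
```

The hardened function still lets the administrator choose the log file name through configuration, but basename() plus the *.log whitelist means a configured or injected value like ../../htdocs/x.php collapses to x.php and is rejected, and the directory prefix keeps the write out of the document root regardless. Note that register_globals was deprecated in PHP 5.3 and removed in 5.4, so on current PHP the precondition for this issue no longer exists; the remaining lesson is the pattern of taking a path and its contents from mutable global state.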

Exploit · Fix · RCE


Weakness Enumeration

Related Identifiers

CVE-2008-3239

Affected Products

Phpizabi