CVE-2008-3362

Name of the Vulnerable Software and Affected Versions Giulio Ganci Wp Downloads Manager module version 0.2

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter in the upload.php file, and then accessing it directly. This is a result of an unrestricted file upload vulnerability in the affected module.

Recommendations For Giulio Ganci Wp Downloads Manager module version 0.2, consider disabling the upload functionality in upload.php until a patch is available to prevent exploitation. Restrict access to the wp-content/plugins/downloads-manager/upload/ directory to minimize the risk of arbitrary code execution. Avoid using the upfile parameter in the upload.php file until the issue is resolved.