CVE-2008-4428

Name of the Vulnerable Software and Affected Versions: Phlatline's Personal Information Manager (pPIM) versions 1.0 and earlier

Description: The issue allows remote attackers to execute arbitrary code by uploading a .php file to the "upload.php" endpoint, and then accessing it via a direct request to the file in the top-level directory.

Recommendations: For versions 1.0 and earlier, consider restricting access to the "upload.php" file to prevent unauthorized uploads until a fix is available. As a temporary workaround, restrict the execution of uploaded files in the top-level directory to minimize the risk of exploitation.