CVE-2008-5663

Name of the Vulnerable Software and Affected Versions Kusaba versions 1.0.4 and earlier

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load receiver.php or (2) a shipainter action to paint save.php, then accessing the uploaded file via a direct request to this file in their user directory.

Recommendations For Kusaba versions 1.0.4 and earlier, consider restricting access to load receiver.php and paint save.php to prevent unauthorized file uploads until a fix is available. As a temporary workaround, restrict the shipainter action to minimize the risk of exploitation. Avoid allowing users to upload files with executable extensions.