CVE-2008-6568

Name of the Vulnerable Software and Affected Versions Yehe version 2.0

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the envoyer feature, and then accessing it via a direct request. This is an unrestricted file upload vulnerability.

Recommendations For Yehe version 2.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the envoyer feature to minimize the risk of exploitation.