CVE-2008-6768

Name of the Vulnerable Software and Affected Versions: K&S Shopsoftware (affected versions not specified)

Description: The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension and then accessing it directly. The vulnerability is specifically located in the admin/editor/images.php file, and the uploaded file can be accessed via a direct request to the file in images/upload/.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.