CVE-2008-6913

Name of the Vulnerable Software and Affected Versions: Zeeways ZEEJOBSITE version 2.0

Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to "jobseekers/logos/".

Recommendations: For Zeeways ZEEJOBSITE version 2.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the "jobseekers/logos/" directory to minimize the risk of exploitation. Avoid using the file upload feature in the profile edit action until the issue is resolved.