CVE-2008-7209

Name of the Vulnerable Software and Affected Versions OneCMS versions 2.4 and earlier

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type, then accessing it via a direct request to the file. This is possible due to an unrestricted file upload vulnerability in the add2 action in a upload.php.

Recommendations For OneCMS versions 2.4 and earlier, restrict file uploads to only allow safe file types and ensure proper validation of uploaded files to prevent executable code from being uploaded. As a temporary workaround, consider restricting access to the a upload.php file until a proper fix is applied.