PT-2009-2682 · Mostlyce+1

Published: 2009-09-11 · Updated: 2018-10-11 · CVE-2008-7215

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MOStlyCE versions prior to 2.4
Mambo versions 4.6.3 and earlier

Description

The issue allows remote attackers to rename arbitrary files and cause a denial of service. This is achieved by modifying the file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command. These parameters are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails.

Recommendations

For MOStlyCE versions prior to 2.4, update to version 2.4 or later. For Mambo versions 4.6.3 and earlier, consider upgrading to a version later than 4.6.3 as a mitigation measure. As a temporary workaround, consider restricting access to the FileUpload command to minimize the risk of exploitation.
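For sites that cannot upgrade immediately, the following added example (not part of the original advisory or of MOStlyCE/Mambo) scans web access logs for requests that pass the file[NewFile][...] names from the description as ordinary query parameters. The combined log format, the connector path and the Command parameter name in the sample lines are assumptions; only query strings are inspected, because access logs do not record request bodies.

```python
import re
from urllib.parse import parse_qsl

# Parameter names taken from the advisory description.
SUSPECT_KEY = re.compile(r"^file\[NewFile\]\[(name|tmp_name|size)\]$")
# Request portion of a combined-format access-log line (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def query_params(target):
    """Decode the query string of a request target into (key, value) pairs."""
    query = target.partition("?")[2]
    # parse_qsl percent-decodes keys, so %5B/%5D and literal brackets match alike.
    return parse_qsl(query, keep_blank_values=True)


def suspicious_params(target):
    """Return the sorted file[NewFile][...] keys sent as plain request parameters."""
    return sorted({k for k, _ in query_params(target) if SUSPECT_KEY.match(k)})


def scan(lines):
    """Yield (line_no, client, keys, is_upload) for each log line with such keys."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a parsable request line
        target = m.group("target")
        keys = suspicious_params(target)
        if keys:
            is_upload = any(v == "FileUpload" for _, v in query_params(target))
            yield n, line.split(" ", 1)[0], keys, is_upload


# Constructed sample log lines: documentation addresses, hypothetical path.
SAMPLE = [
    '203.0.113.7 - - [11/Sep/2009:10:00:01 +0000] '
    '"GET /editor/connector.php?Command=GetFolders&Type=File HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Sep/2009:10:00:05 +0000] '
    '"POST /editor/connector.php?Command=FileUpload'
    '&file%5BNewFile%5D%5Bname%5D=x&file%5BNewFile%5D%5Btmp_name%5D=y HTTP/1.1" 200 98',
    '203.0.113.8 - - [11/Sep/2009:10:00:09 +0000] '
    '"POST /editor/connector.php?Command=FileUpload&Type=File HTTP/1.1" 200 98',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A legitimate upload carries the file in the multipart body, so it should never show these names in the query string; any hit is worth reviewing.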

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2008-7215

Affected Products

Mostlyce
Mambo