PT-2009-3981 · Adam Patterson Studio · Adam Patterson Studio Lounge Address Book

Jose Luis Gongora Fernandez

Published 2009-04-29 · Updated 2017-09-29 · CVE-2009-1483

CVSS v2.0: 6.8 (Medium) · Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Adam Patterson Studio Lounge Address Book version 2.5
Description: The upload-file.php endpoint accepts uploaded files without restricting their extension, so a remote attacker can upload a file with an executable extension and then execute it by requesting it directly from the profiles/ directory. The vulnerable upload functionality is reachable from index2.php.
Recommendations: For Adam Patterson Studio Lounge Address Book version 2.5, consider disabling the upload-file.php endpoint until a patch is available, so that remote attackers cannot upload malicious files. Restrict access to the profiles/ directory to minimize the risk of exploitation. Reject uploads with executable file extensions so that uploaded content cannot be run as code.
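A hardened upload handler of the kind the recommendations call for, written as an added example for this advisory rather than the Address Book's own code. It assumes a form field named profile_image and a storage directory outside the web root; both names are assumptions.

```php
<?php
// Added example, not the Address Book's code: an upload handler that applies
// the advisory's recommendations. Field name and storage path are assumed.
declare(strict_types=1);

// Allow-list of extensions with the content type each one must actually contain.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png', 'gif' => 'image/gif'];
const MAX_BYTES = 2 * 1024 * 1024;
const STORE_DIR = '/var/app-data/profiles'; // assumed: outside the document root

function validate_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Only the final extension of the client-supplied name is consulted, and it
    // must be on the allow-list; executable extensions are therefore rejected.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the real content type; $file['type'] comes from the client and is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    return $ext;
}

function store_upload(array $file): string
{
    $ext = validate_upload($file);
    // Server-generated name: the client controls neither the path nor the extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (isset($_FILES['profile_image'])) {
    echo htmlspecialchars(store_upload($_FILES['profile_image']), ENT_QUOTES, 'UTF-8');
}
```

Storing files outside the document root is what makes the "restrict access to profiles/" recommendation hold even if a check above is bypassed; if the directory must stay under the web root, the web server should additionally be configured not to execute scripts from it.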


Related Identifiers: CVE-2009-1483

Affected Products: Adam Patterson Studio Lounge Address Book