CVE-2009-1659

Name of the Vulnerable Software and Affected Versions: eLitius version 1.0

Description: The issue allows remote attackers to bypass intended access restrictions and upload arbitrary files. This can be achieved by uploading an avatar file with an accepted Content-Type, such as image/gif, and then requesting the file in the "admin/banners/" endpoint.

Recommendations: For eLitius version 1.0, consider restricting access to the admin/uploadimage.php file and the admin/banners/ endpoint to minimize the risk of exploitation. As a temporary workaround, consider disabling the file upload functionality in admin/uploadimage.php until a patch is available.