CVE-2010-0757

Name of the Vulnerable Software and Affected Versions WikyBlog version 1.7.3rc2

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the "uploadform" action in the index.php/Attach module, and then accessing it via a direct request to the file in the userfiles/[username]/uploaded/ directory.

Recommendations For WikyBlog version 1.7.3rc2, consider restricting access to the uploadform action in the index.php/Attach module to prevent uploading files with executable extensions until a fix is available. Additionally, restrict direct access to files in the userfiles/[username]/uploaded/ directory to minimize the risk of exploitation.