CVE-2010-1334

Name of the Vulnerable Software and Affected Versions Pulse CMS Basic version 1.2.4

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory.

Recommendations For Pulse CMS Basic version 1.2.4, consider restricting file uploads to only allow safe extensions and validate the uploaded file type to prevent executable code from being uploaded. As a temporary workaround, restrict access to the upload feature until a fix is available.