CVE-2011-5004

Name of the Vulnerable Software and Affected Versions com fabrik versions prior to 2.1.1

Description The issue allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory in the models/importcsv.php file.

Recommendations For versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the models/importcsv.php file to prevent unauthorized file uploads.