PT-2014-2912 · Sharetronix · Sharetronix

Published: 2014-06-13 · Updated: 2017-08-29 · CVE-2013-5353

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Sharetronix versions 3.1.1.3, 3.1.1, and earlier

Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. This is due to an unrestricted file upload vulnerability in the system/controllers/ajax/attachments.php file.

Recommendations: For Sharetronix versions 3.1.1.3, 3.1.1, and earlier, consider restricting access to the system/controllers/ajax/attachments.php file until a fix is available. As a temporary workaround, consider disabling the file upload functionality in the affected file to prevent exploitation. Restrict access to directories where uploaded files are stored to minimize the risk of arbitrary code execution.
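
The check that an unrestricted upload handler lacks, as an added example: this is not Sharetronix code or the vendor's fix. The function name `safe_stored_name` and the `ALLOWED_EXT` list are assumptions for illustration, and the sample filenames are constructed.

```php
<?php
// Added example, not Sharetronix code. Requires PHP 7.1+.
// ALLOWED_EXT is an assumed policy; adjust to what the application needs.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Return a server-chosen name for an uploaded file, or null to reject it.
 * $clientName is the untrusted original filename sent by the client.
 */
function safe_stored_name(string $clientName): ?string
{
    // Reject empty names, NUL bytes and path separators outright.
    if ($clientName === '' || preg_match('/[\x00\/\\\\]/', $clientName)) {
        return null;
    }
    // Some filesystems strip trailing dots and spaces ("a.php." -> "a.php").
    $name  = rtrim($clientName, '. ');
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2) {
        return null; // no extension at all
    }
    array_shift($parts); // drop the base name, keep every extension segment
    // Every segment must be allow-listed. This is deliberately strict:
    // it rejects "x.php.jpg", which some server handler mappings would
    // still pass to the interpreter, at the cost of refusing "a.v2.pdf".
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXT, true)) {
            return null;
        }
    }
    // The client never controls the name that lands on disk.
    return bin2hex(random_bytes(16)) . '.' . end($parts);
}

// Constructed sample filenames.
$samples = ['photo.JPG', 'shell.php', 'shell.php.jpg', 'shell.pHp.',
            '../x.png', '.htaccess', 'notes'];
foreach ($samples as $n) {
    $stored = safe_stored_name($n);
    printf("%-14s => %s\n", $n, $stored === null ? 'reject' : 'accept');
}
```

Only `photo.JPG` is accepted. Name validation complements, and does not replace, storing uploads where the web server will not execute them.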

Fix

Related Identifiers: CVE-2013-5353

Affected Products: Sharetronix