CVE-2014-2042

Name of the Vulnerable Software and Affected Versions Timelive versions prior to 6.5.1

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to the Manage Project functionality, then accessing it via a direct request to the file in a predictable directory in Uploads/.

Recommendations For versions prior to 6.5.1, update to version 6.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Uploads/ directory or disabling the file upload functionality in the Manage Project feature until the update is applied.