Affects:
- Kusaba 1.0.4 [High]
Description
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.
CVE Identifier: CVE-2008-5663
Severity: High

