Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-0743
Last Modified 05 Sep 2008 04:47:10
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0743

Summary

The custom avatar uploading feature (uploader.php) in XOOPS 2.0.9.2 and earlier does not filter file extensions, which allows remote attackers to upload arbitrary PHP scripts.

Vulnerable Systems

Application

  • Xoops 1.0 Rc1

  • Xoops 1.0 Rc3

  • Xoops 1.0 Rc3.0.5

  • Xoops 1.3.10

  • Xoops 1.3.5

  • Xoops 1.3.6

  • Xoops 1.3.7

  • Xoops 1.3.8

  • Xoops 1.3.9

  • Xoops 2.0

  • Xoops 2.0.1

  • Xoops 2.0.2

  • Xoops 2.0.3

  • Xoops 2.0.5

  • Xoops 2.0.5.1

  • Xoops 2.0.5.2

  • Xoops 2.0.9.2


References

CONFIRM - http://www.xoops.org/modules/news/article.php?storyid=2114

BID - 12754

BUGTRAQ - 20050308 [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation

SECUNIA - 14520

XF - xoops-uploader-file-upload(19634)


Last Updated: 27 May 2016 10:39:54