Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1881

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1881
Last Modified 05 Sep 2008 04:50:19
Published 06 Jun 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1881

Summary

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.

Vulnerable Systems

Application

  • Yapig 0.92b

  • Yapig 0.93u

  • Yapig 0.94u


References

OSVDB - 17115

MISC - http://secwatch.org/advisories/secwatch/20050530_yapig.txt

SECTRACK - 1014103

SECUNIA - 15600


Last Updated: 27 May 2016 10:40:20