Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-2781
Last Modified 05 Feb 2009 12:44:05
Published 02 Sep 2005 07:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2781

Summary

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.

Vulnerable Systems

Application

  • Ilia Alshanetsky Fudforum 2.1.0

  • Ilia Alshanetsky Fudforum 2.1.1

  • Ilia Alshanetsky Fudforum 2.1.2

  • Ilia Alshanetsky Fudforum 2.1.3

  • Ilia Alshanetsky Fudforum 2.2.0

  • Ilia Alshanetsky Fudforum 2.2.1

  • Ilia Alshanetsky Fudforum 2.2.2

  • Ilia Alshanetsky Fudforum 2.2.3

  • Ilia Alshanetsky Fudforum 2.2.4

  • Ilia Alshanetsky Fudforum 2.2.5

  • Ilia Alshanetsky Fudforum 2.3.0

  • Ilia Alshanetsky Fudforum 2.3.1

  • Ilia Alshanetsky Fudforum 2.3.2

  • Ilia Alshanetsky Fudforum 2.3.3

  • Ilia Alshanetsky Fudforum 2.3.4

  • Ilia Alshanetsky Fudforum 2.3.5

  • Ilia Alshanetsky Fudforum 2.3.6

  • Ilia Alshanetsky Fudforum 2.3.7

  • Ilia Alshanetsky Fudforum 2.3.8

  • Ilia Alshanetsky Fudforum 2.5.0

  • Ilia Alshanetsky Fudforum 2.5.1

  • Ilia Alshanetsky Fudforum 2.5.2

  • Ilia Alshanetsky Fudforum 2.6.0

  • Ilia Alshanetsky Fudforum 2.6.1

  • Ilia Alshanetsky Fudforum 2.6.10

  • Ilia Alshanetsky Fudforum 2.6.11

  • Ilia Alshanetsky Fudforum 2.6.12

  • Ilia Alshanetsky Fudforum 2.6.13

  • Ilia Alshanetsky Fudforum 2.6.14

  • Ilia Alshanetsky Fudforum 2.6.15

  • Ilia Alshanetsky Fudforum 2.6.2

  • Ilia Alshanetsky Fudforum 2.6.3

  • Ilia Alshanetsky Fudforum 2.6.4

  • Ilia Alshanetsky Fudforum 2.6.5

  • Ilia Alshanetsky Fudforum 2.6.6

  • Ilia Alshanetsky Fudforum 2.6.7

  • Ilia Alshanetsky Fudforum 2.6.8

  • Ilia Alshanetsky Fudforum 2.6.9

  • Ilia Alshanetsky Fudforum 2.7.0


References

XF - fudforum-avatar-file-upload(22076)

SECUNIA - 16627

BUGTRAQ - 20090127 Re: FUD Forum < 2.7.1 PHP code injection vurnelability

DEBIAN - DSA-1063

SECUNIA - 20203

BUGTRAQ - 20050828 FUD Forum < 2.7.1 PHP code injection vurnelability

CONFIRM - http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&

BID - 14678


Last Updated: 27 May 2016 10:40:38