Описание
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-2781
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22076
- http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&
- http://marc.info/?l=bugtraq&m=112534235403406&w=2
- http://secunia.com/advisories/16627
- http://secunia.com/advisories/20203
- http://www.debian.org/security/2006/dsa-1063
- http://www.securityfocus.com/archive/1/500406/100/0/threaded
- http://www.securityfocus.com/bid/14678
EPSS
CVE ID
Связанные уязвимости
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...
EPSS