Описание
uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:rickard_andersson:punbb:1.3.3:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00309
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type.
EPSS
Процентиль: 54%
0.00309
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-20