CVE-2005-1881

Properties

Published: 05.06.2005
Updated: 20.10.2005
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:C/A:P/B:N) Approximated
Product: YaPiG: YaPig

Vulnerability description

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.

References:

MISC: http://secwatch.org/advisories/secwatch/20050530_yapig.txt
OSVDB: http://www.osvdb.org/17115
SECUNIA: http://secunia.com/advisories/15600/
SECTRACK: http://securitytracker.com/id?1014103