CVE-2005-1884

Properties

Published:
08.06.2005
Updated:
20.10.2005
Patch available:
Severity:
Medium
CVSS vector:
(AV:R/AC:L/Au:NR/C:N/I:C/A:C/B:N) Approximated
Product:
YaPiG: YaPiG
YaPiG: YaPiG
YaPiG: YaPiG

Vulnerability description

Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter.

References:

MISC: http://secwatch.org/advisories/secwatch/20050530_yapig.txt
BID: http://www.securityfocus.com/bid/13877
OSVDB: http://www.osvdb.org/17120
SECUNIA: http://secunia.com/advisories/15600/
SECTRACK: http://securitytracker.com/id?1014103