CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.
References
Link Resource
http://secunia.com/advisories/15600/ Broken Link Vendor Advisory
http://securitytracker.com/id?1014103 Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
http://secwatch.org/advisories/secwatch/20050530_yapig.txt Broken Link Vendor Advisory
http://www.osvdb.org/17115 Broken Link Vendor Advisory
http://secunia.com/advisories/15600/ Broken Link Vendor Advisory
http://securitytracker.com/id?1014103 Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
http://secwatch.org/advisories/secwatch/20050530_yapig.txt Broken Link Vendor Advisory
http://www.osvdb.org/17115 Broken Link Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:yapig:yapig:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.93u:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.94u:*:*:*:*:*:*:*

History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://secunia.com/advisories/15600/ - Broken Link, Vendor Advisory () http://secunia.com/advisories/15600/ - Broken Link, Vendor Advisory
References () http://securitytracker.com/id?1014103 - Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory () http://securitytracker.com/id?1014103 - Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
References () http://secwatch.org/advisories/secwatch/20050530_yapig.txt - Broken Link, Vendor Advisory () http://secwatch.org/advisories/secwatch/20050530_yapig.txt - Broken Link, Vendor Advisory
References () http://www.osvdb.org/17115 - Broken Link, Vendor Advisory () http://www.osvdb.org/17115 - Broken Link, Vendor Advisory

26 Jan 2024, 19:07

Type Values Removed Values Added
References (MISC) http://secwatch.org/advisories/secwatch/20050530_yapig.txt - Vendor Advisory (MISC) http://secwatch.org/advisories/secwatch/20050530_yapig.txt - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/15600/ - Vendor Advisory (SECUNIA) http://secunia.com/advisories/15600/ - Broken Link, Vendor Advisory
References (SECTRACK) http://securitytracker.com/id?1014103 - Exploit, Vendor Advisory (SECTRACK) http://securitytracker.com/id?1014103 - Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
References (OSVDB) http://www.osvdb.org/17115 - Vendor Advisory (OSVDB) http://www.osvdb.org/17115 - Broken Link, Vendor Advisory
CWE NVD-CWE-Other CWE-434

Information

Published : 2005-06-06 04:00

Updated : 2024-11-20 23:58


NVD link : CVE-2005-1881

Mitre link : CVE-2005-1881

CVE.ORG link : CVE-2005-1881


JSON object : View

Products Affected

yapig

  • yapig
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type