CVE-2005-4171

The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html	Exploit Vendor Advisory
http://rgod.altervista.org/efiction2_xpl.html	Exploit Vendor Advisory
http://secunia.com/advisories/17777	Exploit Vendor Advisory
http://securitytracker.com/id?1015273	Exploit
http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555
http://www.osvdb.org/21124
http://www.securityfocus.com/bid/15568	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:efiction_project:efiction:1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-12-11 21:03

Updated : 2024-02-04 16:52

NVD link : CVE-2005-4171

Mitre link : CVE-2005-4171

CVE.ORG link : CVE-2005-4171

JSON object : View

Products Affected

efiction_project

efiction

CWE

NVD-CWE-Other

{"id": "CVE-2005-4171", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-12-11T21:03:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://rgod.altervista.org/efiction2_xpl.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17777", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015273", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21124", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15568", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The \"Upload new image\" command in the \"Manage Images\" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file."}, {"lang": "es", "value": "La orden \"Upload new image\" (Subir nueva imagen) en \"Manage Images\" (Gestionar im\u00e1genes) de eFiction 1.1, cuando se permite a los miembros subir im\u00e1genes, permite a atacantes remotos ejecutar PHP de su elecci\u00f3n subiendo un fichero con extensi\u00f3n .php que contiene una cabecera GIF, que pasa la comprobaci\u00f3n de validaci\u00f3n de imagen pero ejecuta cualquier c\u00f3digo PHP en el fichero."}], "lastModified": "2008-09-05T20:56:13.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:efiction_project:efiction:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1234166D-F9ED-41DA-B08F-21E6B96AC43B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}