CVE-2005-2781 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-2781
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2781

Description: The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/22076 SAID Secunia Advisory: SA16627 Secunia Advisory: SA20203 DEBIAN http://www.debian.org/security/2006/dsa-1063 CONFIRM http://fudforum.org/forum/index.php?t=msg&th=5470&start=0& BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/500406/100/0/threaded http://marc.theaimsgroup.com/?l=bugtraq&m=112534235403406&w=2 BID 14678

Return to the previous page.