Vulnerability Description
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sir | Gnuboard | <= 3.40 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=110477648219738&w=2ExploitMailing List
- http://secunia.com/advisories/13711Broken Link
- http://www.securityfocus.com/bid/12149Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18729Third Party AdvisoryVDB Entry
- http://marc.info/?l=bugtraq&m=110477648219738&w=2ExploitMailing List
- http://secunia.com/advisories/13711Broken Link
- http://www.securityfocus.com/bid/12149Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18729Third Party AdvisoryVDB Entry
FAQ
What is CVE-2005-0269?
CVE-2005-0269 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that incl...
How severe is CVE-2005-0269?
CVE-2005-0269 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2005-0269?
Check the references section above for vendor advisories and patch information. Affected products include: Sir Gnuboard.