CVE-2005-1047 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Phpbb Group	Phpbb	2.0.0

References

http://marc.info/?l=bugtraq&m=111299353030534&w=2
http://securitytracker.com/id?1013671Vendor Advisory
http://www.defacers.com.mx/advisories/2.txtURL Repurposed
http://marc.info/?l=bugtraq&m=111299353030534&w=2
http://securitytracker.com/id?1013671Vendor Advisory
http://www.defacers.com.mx/advisories/2.txtURL Repurposed

FAQ

What is CVE-2005-1047?

CVE-2005-1047 is a vulnerability with a CVSS score of 7.5 (HIGH). Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploadi...

How severe is CVE-2005-1047?

CVE-2005-1047 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-1047?

Check the references section above for vendor advisories and patch information. Affected products include: Phpbb Group Phpbb.