Vulnerability Description
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yapig | Yapig | 0.92b |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/15600/Broken LinkVendor Advisory
- http://securitytracker.com/id?1014103Broken LinkExploitThird Party Advisory
- http://secwatch.org/advisories/secwatch/20050530_yapig.txtBroken LinkVendor Advisory
- http://www.osvdb.org/17115Broken LinkVendor Advisory
- http://secunia.com/advisories/15600/Broken LinkVendor Advisory
- http://securitytracker.com/id?1014103Broken LinkExploitThird Party Advisory
- http://secwatch.org/advisories/secwatch/20050530_yapig.txtBroken LinkVendor Advisory
- http://www.osvdb.org/17115Broken LinkVendor Advisory
FAQ
What is CVE-2005-1881?
CVE-2005-1881 is a vulnerability with a CVSS score of 7.5 (HIGH). upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP cod...
How severe is CVE-2005-1881?
CVE-2005-1881 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1881?
Check the references section above for vendor advisories and patch information. Affected products include: Yapig Yapig.