Vulnerability Description
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpfm | Phpfm | All versions |
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00085.htmlExploit
- http://www.securityfocus.com/bid/15335Exploit
- http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00085.htmlExploit
- http://www.securityfocus.com/bid/15335Exploit
FAQ
What is CVE-2005-4423?
CVE-2005-4423 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as...
How severe is CVE-2005-4423?
CVE-2005-4423 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4423?
Check the references section above for vendor advisories and patch information. Affected products include: Phpfm Phpfm.