| Vulnerability Name: | CVE-2005-1047 (CCN-20030) | ||||||||
| Assigned: | 2005-04-07 | ||||||||
| Published: | 2005-04-07 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory. | ||||||||
| CVSS v3 Severity: | 4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Apr 07 2005 - 21:21:38 CDT phpBB Upload Script "up.php" Arbitrary File Upload Source: MITRE Type: CNA CVE-2005-1047 Source: BUGTRAQ Type: UNKNOWN 20050408 phpBB Upload Script "up.php" Arbitrary File Upload Source: CCN Type: SECTRACK ID: 1013671 File Upload Script `up.php` for phpBB Lets Remote Users Upload Arbitrary Files Source: SECTRACK Type: Vendor Advisory 1013671 Source: MISC Type: UNKNOWN http://www.defacers.com.mx/advisories/2.txt Source: CCN Type: OSVDB ID: 15481 phpBB up.php Arbitrary File Upload Source: CCN Type: phpBB Web site phpBB.com :: Downloads Source: CCN Type: BID-13084 File Upload Script PHPBB Module Arbitrary Script Upload Vulnerability Source: XF Type: UNKNOWN phpbb-upphp-file-upload(20030) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||