Vulnerability Name:

CVE-2005-2781 (CCN-22076)

Assigned:2005-08-28
Published:2005-08-28
Updated:2018-10-19
Summary:The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Sun Aug 28 2005 - 10:00:56 CDT
FUD Forum < 2.7.1 PHP code injection vurnelability

Source: MITRE
Type: CNA
CVE-2005-2781

Source: CCN
Type: FUDforum Web site
FUD Forum

Source: CONFIRM
Type: UNKNOWN
http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&

Source: BUGTRAQ
Type: UNKNOWN
20050828 FUD Forum < 2.7.1 PHP code injection vurnelability

Source: CCN
Type: SA16627
FUDforum Avatar Upload Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
16627

Source: SECUNIA
Type: UNKNOWN
20203

Source: DEBIAN
Type: UNKNOWN
DSA-1063

Source: DEBIAN
Type: DSA-1063
phpgroupware -- missing input sanitising

Source: CCN
Type: OSVDB ID: 18953
FUDforum Avatar Upload Extension Validation Weakness Arbitrary Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20090127 Re: FUD Forum < 2.7.1 PHP code injection vurnelability

Source: BID
Type: UNKNOWN
14678

Source: CCN
Type: BID-14678
FUDforum Avatar Upload Arbitrary Script Upload Vulnerability

Source: XF
Type: UNKNOWN
fudforum-avatar-file-upload(22076)

Source: XF
Type: UNKNOWN
fudforum-avatar-file-upload(22076)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ilia_alshanetsky:fudforum:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.8:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.9:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.10:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.11:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.12:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.13:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.14:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.6.15:*:*:*:*:*:*:*
  • OR cpe:/a:ilia_alshanetsky:fudforum:2.7.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:1063
    V
    		missing input sanitising
    2006-05-08
    BACK
    ilia_alshanetsky fudforum 2.1.0
    ilia_alshanetsky fudforum 2.1.1
    ilia_alshanetsky fudforum 2.1.2
    ilia_alshanetsky fudforum 2.1.3
    ilia_alshanetsky fudforum 2.2.0
    ilia_alshanetsky fudforum 2.2.1
    ilia_alshanetsky fudforum 2.2.2
    ilia_alshanetsky fudforum 2.2.3
    ilia_alshanetsky fudforum 2.2.4
    ilia_alshanetsky fudforum 2.2.5
    ilia_alshanetsky fudforum 2.3.0
    ilia_alshanetsky fudforum 2.3.1
    ilia_alshanetsky fudforum 2.3.2
    ilia_alshanetsky fudforum 2.3.3
    ilia_alshanetsky fudforum 2.3.4
    ilia_alshanetsky fudforum 2.3.5
    ilia_alshanetsky fudforum 2.3.6
    ilia_alshanetsky fudforum 2.3.7
    ilia_alshanetsky fudforum 2.3.8
    ilia_alshanetsky fudforum 2.5.0
    ilia_alshanetsky fudforum 2.5.1
    ilia_alshanetsky fudforum 2.5.2
    ilia_alshanetsky fudforum 2.6.0
    ilia_alshanetsky fudforum 2.6.1
    ilia_alshanetsky fudforum 2.6.2
    ilia_alshanetsky fudforum 2.6.3
    ilia_alshanetsky fudforum 2.6.4
    ilia_alshanetsky fudforum 2.6.5
    ilia_alshanetsky fudforum 2.6.6
    ilia_alshanetsky fudforum 2.6.7
    ilia_alshanetsky fudforum 2.6.8
    ilia_alshanetsky fudforum 2.6.9
    ilia_alshanetsky fudforum 2.6.10
    ilia_alshanetsky fudforum 2.6.11
    ilia_alshanetsky fudforum 2.6.12
    ilia_alshanetsky fudforum 2.6.13
    ilia_alshanetsky fudforum 2.6.14
    ilia_alshanetsky fudforum 2.6.15
    ilia_alshanetsky fudforum 2.7.0