Lucene search
HistoryApr 12, 2005 - 4:00 a.m.
CVE-2005-1047
cve-2005-1047
meilad
file upload
phpbb
security vulnerability
remote code execution
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.7%
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
Affected configurations
Node
phpbb_groupphpbbMatch2.0.0
ORphpbb_groupphpbbMatch2.0.1
ORphpbb_groupphpbbMatch2.0.2
ORphpbb_groupphpbbMatch2.0.3
ORphpbb_groupphpbbMatch2.0.4
ORphpbb_groupphpbbMatch2.0.5
ORphpbb_groupphpbbMatch2.0.6
ORphpbb_groupphpbbMatch2.0.6c
ORphpbb_groupphpbbMatch2.0.6d
ORphpbb_groupphpbbMatch2.0.7
ORphpbb_groupphpbbMatch2.0.7a
ORphpbb_groupphpbbMatch2.0.8
ORphpbb_groupphpbbMatch2.0.8a
ORphpbb_groupphpbbMatch2.0.9
ORphpbb_groupphpbbMatch2.0.10
ORphpbb_groupphpbbMatch2.0.11
ORphpbb_groupphpbbMatch2.0.12
ORphpbb_groupphpbbMatch2.0.13
ORphpbb_groupphpbbMatch2.0.14
ORphpbb_groupphpbbMatch2.0_beta1
ORphpbb_groupphpbbMatch2.0_rc1
ORphpbb_groupphpbbMatch2.0_rc2
ORphpbb_groupphpbbMatch2.0_rc3
ORphpbb_groupphpbbMatch2.0_rc4
Related
nessus
nessus
phpBB up.php Arbitrary File Upload
2005-04-11 00:00:00
cvelist
cvelist
CVE-2005-1047
2005-04-12 04:00:00
nvd
nvd
CVE-2005-1047
2005-04-07 04:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.7%
Related for CVE-2005-1047