ID CVE-2005-1956 Type cve Reporter cve@mitre.org Modified 2016-10-18T03:23:00
Description
File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks.
OSVDB record OSVDB:20257 (https://vulners.com/osvdb/OSVDB:20257)
Title: Adam Mmedici File Upload Manager Arbitrary File Upload
Type: osvdb Bulletin family: software
Published: 2005-06-12T00:50:31 Modified: 2005-06-12T00:50:31 Last seen: 2017-04-28T13:20:17
CVSS score: 5.0 Vector: AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/
Vulnerability Description
File Upload Manager contains a flaw that may allow a malicious user to bypass the file extension check. The issue is triggered when multiple tilde characters are submitted from a third-party form to the 'test' variable. It is possible that the flaw may allow the uploading of arbitrary files, resulting in the execution of arbitrary code or file disclosure.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
References
Vendor URL: http://www.mtnpeak.net/webdev/index.php?pg=php
Related OSVDB ID: 20258 (https://vulners.com/osvdb/OSVDB:20258)
Related OSVDB ID: 17435 (https://vulners.com/osvdb/OSVDB:17435)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0116.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0079.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0115.html
CVE-2005-1956 (https://vulners.com/cve/CVE-2005-1956)