Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2005-2781
HistorySep 02, 2005 - 11:03 p.m.

CVE-2005-2781

2005-09-0223:03:00
[email protected]
web.nvd.nist.gov
26
cve-2005-2781
fud forum
avatar upload
remote code execution
php
security vulnerability

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.5%

JSON

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.

Affected configurations

NVD
Node
ilia_alshanetskyfudforumMatch2.1.0
OR
ilia_alshanetskyfudforumMatch2.1.1
OR
ilia_alshanetskyfudforumMatch2.1.2
OR
ilia_alshanetskyfudforumMatch2.1.3
OR
ilia_alshanetskyfudforumMatch2.2.0
OR
ilia_alshanetskyfudforumMatch2.2.1
OR
ilia_alshanetskyfudforumMatch2.2.2
OR
ilia_alshanetskyfudforumMatch2.2.3
OR
ilia_alshanetskyfudforumMatch2.2.4
OR
ilia_alshanetskyfudforumMatch2.2.5
OR
ilia_alshanetskyfudforumMatch2.3.0
OR
ilia_alshanetskyfudforumMatch2.3.1
OR
ilia_alshanetskyfudforumMatch2.3.2
OR
ilia_alshanetskyfudforumMatch2.3.3
OR
ilia_alshanetskyfudforumMatch2.3.4
OR
ilia_alshanetskyfudforumMatch2.3.5
OR
ilia_alshanetskyfudforumMatch2.3.6
OR
ilia_alshanetskyfudforumMatch2.3.7
OR
ilia_alshanetskyfudforumMatch2.3.8
OR
ilia_alshanetskyfudforumMatch2.5.0
OR
ilia_alshanetskyfudforumMatch2.5.1
OR
ilia_alshanetskyfudforumMatch2.5.2
OR
ilia_alshanetskyfudforumMatch2.6.0
OR
ilia_alshanetskyfudforumMatch2.6.1
OR
ilia_alshanetskyfudforumMatch2.6.2
OR
ilia_alshanetskyfudforumMatch2.6.3
OR
ilia_alshanetskyfudforumMatch2.6.4
OR
ilia_alshanetskyfudforumMatch2.6.5
OR
ilia_alshanetskyfudforumMatch2.6.6
OR
ilia_alshanetskyfudforumMatch2.6.7
OR
ilia_alshanetskyfudforumMatch2.6.8
OR
ilia_alshanetskyfudforumMatch2.6.9
OR
ilia_alshanetskyfudforumMatch2.6.10
OR
ilia_alshanetskyfudforumMatch2.6.11
OR
ilia_alshanetskyfudforumMatch2.6.12
OR
ilia_alshanetskyfudforumMatch2.6.13
OR
ilia_alshanetskyfudforumMatch2.6.14
OR
ilia_alshanetskyfudforumMatch2.6.15
OR
ilia_alshanetskyfudforumMatch2.7.0

Related

nessus 2
ubuntucve 1
debian 1
osv 1
cvelist 1
openvas 4
nvd 1
nessus
nessus
Debian DSA-1063-1 : phpgroupware - missing input sanitising
2006-10-14 00:00:00
FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution
2005-08-29 00:00:00
ubuntucve
ubuntucve
CVE-2005-2781
2005-09-02 00:00:00
debian
debian
[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code
2006-05-19 00:00:00
osv
osv
phpgroupware - missing input sanitising
2006-05-08 00:00:00
cvelist
cvelist
CVE-2005-2781
2005-09-02 04:00:00
openvas
openvas
Debian: Security Advisory (DSA-1063-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1063-1 (phpgroupware)
2008-01-17 00:00:00
HP-UX Update for Mozilla remote HPSBUX01133
2009-05-05 00:00:00
nvd
nvd
CVE-2005-2781
2005-09-02 23:03:00

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.5%

JSON
Related for CVE-2005-2781
nessus2ubuntucve1debian1osv1cvelist1openvas4nvd1