YaPiG upload.php File Extension Validation Failure Arbitrary Command Execution

2005-06-04T08:17:59
ID OSVDB:17115
Type osvdb
Reporter OSVDB
Modified 2005-06-04T08:17:59

Description

Vulnerability Description

YaPiG contains a flaw that may allow a malicious user to execute arbitrary code. The issue occurs because the image upload functionality does not validate the file extension of user-supplied files. If an authenticated user uploads an executable file instead of an image file, it may be possible to execute arbitrary PHP code, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

YaPiG contains a flaw that may allow a malicious user to execute arbitrary code. The issue occurs because the image upload functionality does not validate the file extension of user-supplied files. If an authenticated user uploads an executable file instead of an image file, it may be possible to execute arbitrary PHP code, resulting in a loss of integrity.
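The class of flaw described above is closed by validating uploads on the server side. The following is an added example written for this record, not YaPiG's own code: a hypothetical store_image_upload() handler that allowlists the extension, checks the file content, and stores the file under a server-chosen name in a directory assumed not to execute PHP.

```php
<?php
// Added example, not taken from YaPiG: hardened image-upload handling.
// Assumes $dest_dir is outside the web root or served with PHP execution off.

const ALLOWED_IMAGES = [
    'jpg'  => ['image/jpeg', IMAGETYPE_JPEG],
    'jpeg' => ['image/jpeg', IMAGETYPE_JPEG],
    'png'  => ['image/png',  IMAGETYPE_PNG],
    'gif'  => ['image/gif',  IMAGETYPE_GIF],
];

/**
 * Validate one $_FILES entry and move it into $dest_dir.
 * Returns the stored path, or throws on any rejection.
 */
function store_image_upload(array $file, string $dest_dir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an uploaded file');
    }

    // Extension allowlist: anything not listed (php, phtml, ...) is rejected.
    // The user's filename is discarded below, so extra dots in it do not matter.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        throw new RuntimeException('extension not allowed: ' . $ext);
    }
    [$want_mime, $want_type] = ALLOWED_IMAGES[$ext];

    // Check the bytes, not the client-supplied name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $info = @getimagesize($file['tmp_name']);
    if ($mime !== $want_mime || $info === false || $info[2] !== $want_type) {
        throw new RuntimeException('content is not a ' . $ext . ' image');
    }

    // Random server-side name carrying only the validated extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($dest_dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0644); // no execute bit, readable by the web server
    return $dest;
}
```

A caller would invoke store_image_upload($_FILES['image'], '/var/app/uploads') inside a try/catch and log the rejection reason for the authenticated user who submitted it.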

References:

Vendor URL: http://yapig.sourceforge.net/
Security Tracker: 1014103
Secunia Advisory ID: 15600
Related OSVDB ID: 17117
Related OSVDB ID: 17119
Related OSVDB ID: 17121
Related OSVDB ID: 17116
Related OSVDB ID: 17118
Related OSVDB ID: 17120
Other Advisory URL: http://secwatch.org/advisories/secwatch/20050530_yapig.txt
CVE: CVE-2005-1881
Bugtraq ID: 13874