2 matches found
CVE-2005-4171
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP...
CVE-2005-4171
The CVE reports a remote PHP code execution in eFiction 1.1 when image-upload is allowed. An uploaded file named with a .php extension can start as a GIF (passes image validation) but contains PHP code that gets executed by the web server, enabling arbitrary code execution. The vulnerability stem...