2 matches found
CVE-2005-2607
The CVE concerns Simplicity oF Upload’s download.php where the language parameter can trigger a local/remote file inclusion (LFI) due to insufficient input sanitization. Affected software is the Simplicity oF Upload PHP script; vulnerability resides in download.php prior to version 1.3.1. Consequ...
CVE-2009-4818
The CVE-2009-4818 entry refers to an unrestricted file upload vulnerability in PHPSimplicity Simplicity oF Upload 1.3.2. Affected component is upload.php; attackers could upload a double-extension file (e.g., .php.gif) to trigger remote PHP code execution. Public references in the connected docum...