CVE-2005-1884

Name of the Vulnerable Software and Affected Versions YaPiG versions 0.92b through 0.94u

Description The issue allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter in the rmdir or mkdir commands in upload.php.

Recommendations For YaPiG versions 0.92b through 0.94u, consider restricting access to the upload.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the dir parameter in the affected commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.