PT-2005-1778 · Xoops · Xoops

Published

2005-03-13

Updated

2017-07-11

CVE-2005-0743

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions XOOPS versions 2.0.9.2 and earlier

Description The issue concerns the custom avatar uploading feature, specifically the uploader.php file, which does not filter file extensions. This allows remote attackers to upload arbitrary PHP scripts.

Recommendations For XOOPS versions 2.0.9.2 and earlier, consider disabling the custom avatar uploading feature, specifically the uploader.php file, until a fix is available to prevent the upload of arbitrary PHP scripts.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0743

Affected Products

Xoops

PT-2005-1778 · Xoops · Xoops

CVE-2005-0743

Related Identifiers

Affected Products

References · 7