PT-2005-2838 · Yapig · Yapig

Published: 2005-06-06 · Updated: 2024-01-26 · CVE-2005-1881

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

YaPiG versions 0.92b through 0.94u

Description

The issue concerns the upload.php file in YaPiG, which does not properly restrict the file extension for uploaded image files. This allows remote attackers to upload arbitrary files and execute arbitrary PHP code.

Recommendations

For YaPiG versions 0.92b through 0.94u, consider restricting access to the upload.php file until a proper fix is applied, and ensure that only authorized users can upload files. As a temporary workaround, consider validating and restricting file extensions for uploaded image files to prevent the execution of arbitrary PHP code.
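
One way to apply the extension restriction recommended above, shown as an added example that is not YaPiG's code or part of the original advisory. The function names, the allowlist and the `$destDir` parameter are assumptions.

```php
<?php
// Added example: hypothetical helpers, not YaPiG's own upload.php code.
// Allowlist maps the detected image type to the only extension stored for it.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];

// Returns a server-generated file name, or null if the upload is rejected.
function safe_image_name(string $clientName, string $tmpPath): ?string
{
    // Check the final extension only, case-insensitively ("x.php.JPG" -> "jpg").
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if (!in_array($ext, ALLOWED_IMAGE_TYPES, true)) {
        return null; // .php, .phtml, no extension, and so on
    }
    // The content must parse as an image of the type the extension claims.
    $info = @getimagesize($tmpPath);
    if ($info === false || (ALLOWED_IMAGE_TYPES[$info[2]] ?? null) !== $ext) {
        return null;
    }
    // Nothing from the client-supplied name reaches the filesystem.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// $file is one entry of $_FILES; $destDir is an assumed upload directory.
function store_uploaded_image(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = safe_image_name($file['name'], $file['tmp_name']);
    if ($name === null) {
        return null;
    }
    $target = rtrim($destDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}
```

Because the stored name is generated by the server and always ends in an allowlisted image extension, a file that carries embedded code is not handed to the PHP interpreter, provided the web server does not execute PHP for those extensions in the upload directory.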

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2005-1881

Affected Products

Yapig