CVE-2005-2885

Name of the Vulnerable Software and Affected Versions MAXdev MD-Pro versions 1.0.73 and earlier

Description The issue allows remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension. This is possible due to an incomplete blacklist used to check for dangerous file extensions. For example, uploading a file with a .inc extension can be used to demonstrate this issue.

Recommendations For MAXdev MD-Pro versions 1.0.73 and earlier, consider restricting file uploads to only necessary extensions as a temporary workaround until a patch is available. Avoid using the file upload feature with untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.