Back to search
CVE-2005-2781
Published: Sep 2, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20050828 FUD Forum < 2.7.1 PHP code injection vurnelability
mailing-list
x_refsource_BUGTRAQ
16627
third-party-advisory
x_refsource_SECUNIA
fudforum-avatar-file-upload(22076)
vdb-entry
x_refsource_XF
20203
third-party-advisory
x_refsource_SECUNIA
http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&
x_refsource_CONFIRM
14678
vdb-entry
x_refsource_BID
DSA-1063
vendor-advisory
x_refsource_DEBIAN
20090127 Re: FUD Forum < 2.7.1 PHP code injection vurnelability
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now