Vulnerability Details CVE-2004-1404
Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=110321557806215&w=2
- http://secunia.com/advisories/13421/
- http://www.opentools.de/board/viewtopic.php?t=3590
- http://www.securityfocus.com/bid/11893
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18438
- http://marc.info/?l=bugtraq&m=110321557806215&w=2
- http://secunia.com/advisories/13421/
- http://www.opentools.de/board/viewtopic.php?t=3590
- http://www.securityfocus.com/bid/11893
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18438
Products affected by CVE-2004-1404
-
cpe:2.3:a:opentools:attachment_mod:2.3.10
-
cpe:2.3:a:opentools:attachment_mod:2.3.4
-
cpe:2.3:a:opentools:attachment_mod:2.3.5
-
cpe:2.3:a:opentools:attachment_mod:2.3.6
-
cpe:2.3:a:opentools:attachment_mod:2.3.7
-
cpe:2.3:a:opentools:attachment_mod:2.3.8
-
cpe:2.3:a:opentools:attachment_mod:2.3.9