Vulnerability Details CVE-2005-1031
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=111280711228450&w=2
- http://secunia.com/advisories/14869
- http://www.runcms.org/public/modules/news/
- http://www.securityfocus.com/bid/13027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20001
- http://marc.info/?l=bugtraq&m=111280711228450&w=2
- http://secunia.com/advisories/14869
- http://www.runcms.org/public/modules/news/
- http://www.securityfocus.com/bid/13027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20001