Vulnerability Details CVE-2005-1604
PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.078
EPSS Ranking 91.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://seclists.org/lists/bugtraq/2005/May/0075.html
- http://secunia.com/advisories/15279
- http://www.osvdb.org/16160
- http://www.securityfocus.com/archive/1/415172
- http://www.securityfocus.com/archive/1/415300/30/0/threaded
- http://www.securityfocus.com/bid/13542
- http://seclists.org/lists/bugtraq/2005/May/0075.html
- http://secunia.com/advisories/15279
- http://www.osvdb.org/16160
- http://www.securityfocus.com/archive/1/415172
- http://www.securityfocus.com/archive/1/415300/30/0/threaded
- http://www.securityfocus.com/bid/13542
Products affected by CVE-2005-1604
-
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.21