Vulnerability Details CVE-2005-1881
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/15600/
- http://securitytracker.com/id?1014103
- http://secwatch.org/advisories/secwatch/20050530_yapig.txt
- http://www.osvdb.org/17115
- http://secunia.com/advisories/15600/
- http://securitytracker.com/id?1014103
- http://secwatch.org/advisories/secwatch/20050530_yapig.txt
- http://www.osvdb.org/17115