Vulnerability Details CVE-2005-2885
The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.073
EPSS Ranking 91.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=112603835317458&w=2
- http://secunia.com/advisories/16731/
- http://www.securityfocus.com/bid/14750
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22199
- http://marc.info/?l=bugtraq&m=112603835317458&w=2
- http://secunia.com/advisories/16731/
- http://www.securityfocus.com/bid/14750
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22199