Vulnerabilities

CVE-2005-4171

by Fred · 11/12/2005

The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file.

Date published : 2005-12-11

http://www.securityfocus.com/bid/15568

http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html

Similar

Tags: Cybersecurity Alert