Description

The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.

Remediation

References

CVE-2005-0743

Related Vulnerabilities

Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4629)

Joomla CVE-2019-7739 Vulnerability (CVE-2019-7739)

GlassFish Improper Input Validation Vulnerability (CVE-2011-5035)

WordPress Plugin Import all XML, CSV & TXT into WordPress Cross-Site Scripting (3.8.7)

Severity

High

Classification

CVE-2005-0743

Tags

Missing Update Known Vulnerabilities