Description

The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.

Remediation

References

CVE-2005-0743

Related Vulnerabilities

WordPress Plugin Social Share Buttons-Social Pug Multiple Unspecified Vulnerabilities (1.3.1)

WordPress Plugin Image Photo Gallery Final Tiles Grid Cross-Site Scripting (3.4.18)

WebLogic CVE-2018-2935 Vulnerability (CVE-2018-2935)

WordPress Plugin Jigoshop-Store Toolkit Privilege Escalation (1.3.7)

WordPress Plugin Verve Meta Boxes TimThumb Arbitrary File Upload (1.2.8)

Severity

High

Classification

CVE-2005-0743

Tags

Missing Update Known Vulnerabilities