Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-1881 | First vendor Publication | 2005-06-06 |
| Vendor | Cve | Last vendor Modification | 2024-01-26 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1881 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
| CAPEC-122 | Exploitation of Authorization |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-434 | Unrestricted Upload of File with Dangerous Type (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2005-11-03 | Name : YaPiG Multiple Flaws File : nvt/yapig_multiple_flaws.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 17115 | YaPiG upload.php File Extension Validation Failure Arbitrary Command Execution YaPiG contains a flaw that may allow a malicious user to execute arbitrary code. The issue occurs because the upload image functionality does not validate file extensions for user-supplied files. If an authenticated user uploads an executable file instead of an image file, it may be possible to execute arbitrary PHP code resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-06-17 | Name : The remote web server contains a PHP application that is affected by multiple... File : yapig_multiple_flaws.nasl - Type : ACT_ATTACK |
Sources (Detail)
| Source | Url |
|---|---|
| MISC | http://secwatch.org/advisories/secwatch/20050530_yapig.txt |
| OSVDB | http://www.osvdb.org/17115 |
| SECTRACK | http://securitytracker.com/id?1014103 |
| SECUNIA | http://secunia.com/advisories/15600/ |
Alert History
| Date | Informations |
|---|---|
| 2024-01-27 00:28:11 |
|
| 2021-05-04 12:03:00 |
|
| 2021-04-22 01:03:16 |
|
| 2020-05-23 00:16:37 |
|
| 2016-06-28 15:19:12 |
|
| 2016-04-26 13:35:46 |
|
| 2014-02-17 10:31:43 |
|
| 2013-05-11 11:26:59 |
|
