Description

The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.

Remediation

References

CVE-2005-0743

Related Vulnerabilities

WordPress Plugin Basic Dev Tools Multiple Cross-Site Scripting Vulnerabilities (1.4.1)

GlassFish Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-1000028)

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17672)

WordPress Plugin iframe Cross-Site Scripting (4.4)

Severity

High

Classification

CVE-2005-0743

Tags

Missing Update Known Vulnerabilities