{
"id": "CVE-2005-4171",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-12-11T21:03:00.000",
"lastModified": "2024-11-21T00:03:37.393",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"Upload new image\" command in \"Manage Images\" in eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension that contains a GIF header; the file passes the image validity check, but any PHP code within it is executed."
},
{
"lang": "es",
"value": "La orden \"Upload new image\" (Subir nueva imagen) en \"Manage Images\" (Gestionar im\u00e1genes) de eFiction 1.1, cuando se permite a los miembros subir im\u00e1genes, permite a atacantes remotos ejecutar PHP de su elecci\u00f3n subiendo un fichero con extensi\u00f3n .php que contiene una cabecera GIF, que pasa la comprobaci\u00f3n de validaci\u00f3n de imagen pero ejecuta cualquier c\u00f3digo PHP en el fichero."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": true,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:efiction_project:efiction:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1234166D-F9ED-41DA-B08F-21E6B96AC43B"
}
]
}
]
}
],
"references": [
{
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "http://rgod.altervista.org/efiction2_xpl.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/17777",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1015273",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555",
"source": "cve@mitre.org"
},
{
"url": "http://www.osvdb.org/21124",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/15568",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "http://rgod.altervista.org/efiction2_xpl.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/17777",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1015273",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.osvdb.org/21124",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/15568",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
}
]
}