OpenCVE

The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xoops	Xoops

Configuration 1 [-]

OR	cpe:2.3:a:xoops:xoops:1.0_rc1:::::::*
	cpe:2.3:a:xoops:xoops:1.0_rc3:::::::*
	cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:::::::*
	cpe:2.3:a:xoops:xoops:1.3.5:::::::*
	cpe:2.3:a:xoops:xoops:1.3.6:::::::*
	cpe:2.3:a:xoops:xoops:1.3.7:::::::*
	cpe:2.3:a:xoops:xoops:1.3.8:::::::*
	cpe:2.3:a:xoops:xoops:1.3.9:::::::*
	cpe:2.3:a:xoops:xoops:1.3.10:::::::*
	cpe:2.3:a:xoops:xoops:2.0:::::::*
	cpe:2.3:a:xoops:xoops:2.0.1:::::::*
	cpe:2.3:a:xoops:xoops:2.0.2:::::::*
	cpe:2.3:a:xoops:xoops:2.0.3:::::::*
	cpe:2.3:a:xoops:xoops:2.0.5:::::::*
	cpe:2.3:a:xoops:xoops:2.0.5.1:::::::*
	cpe:2.3:a:xoops:xoops:2.0.5.2:::::::*
	cpe:2.3:a:xoops:xoops:2.0.9.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/14520
http://www.securityfocus.com/archive/1/392626
http://www.securityfocus.com/bid/12754
http://www.xoops.org/modules/news/article.php?storyid=2114
https://exchange.xforce.ibmcloud.com/vulnerabilities/19634

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-03-13T05:00:00

Updated: 2024-08-07T21:21:06.703Z

Reserved: 2005-03-13T00:00:00

Link: CVE-2005-0743

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-05-02T04:00:00.000

Modified: 2024-11-20T23:55:48.640

Link: CVE-2005-0743

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "14520", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14520"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.xoops.org/modules/news/article.php?storyid=2114"}, {"name": "20050308 [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/392626"}, {"name": "12754", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12754"}, {"name": "xoops-uploader-file-upload(19634)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0743", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "14520", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14520"}, {"name": "http://www.xoops.org/modules/news/article.php?storyid=2114", "refsource": "CONFIRM", "url": "http://www.xoops.org/modules/news/article.php?storyid=2114"}, {"name": "20050308 [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/392626"}, {"name": "12754", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12754"}, {"name": "xoops-uploader-file-upload(19634)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:21:06.703Z"}, "title": "CVE Program Container", "references": [{"name": "14520", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/14520"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.xoops.org/modules/news/article.php?storyid=2114"}, {"name": "20050308 [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/392626"}, {"name": "12754", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/12754"}, {"name": "xoops-uploader-file-upload(19634)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0743", "datePublished": "2005-03-13T05:00:00", "dateReserved": "2005-03-13T00:00:00", "dateUpdated": "2024-08-07T21:21:06.703Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "3355CD8B-9EF3-46CE-8DA3-FCF64B24F529", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "EFE4119C-E4A0-405F-AF9A-DAE023F79862", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "348CD73F-6D2F-439B-9E15-6177895F27C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAE8B49C-84BE-4339-909F-389D3C1FD1EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "6515D89E-A80A-4C9B-AABA-886DA748FC1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "B0F5267A-F85F-4394-9427-592F9C09D53A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "0BD944A1-902C-4031-80A5-61621CCA28A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0764C095-72DA-4FAA-9A59-D192144872F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "21260A9E-32F8-4A95-A77B-34183F59C52F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D649637-9772-4B71-B219-DD505CDB3549", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "33E91D0D-42F6-4FAC-BD04-AA4D77C6DAD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "881DDA3C-4D95-471F-95BA-6C4629B3CB68", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E235D928-E2D9-46D3-B95F-C4AF556D3C01", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C32DECD-1E28-4CC1-812B-E8D54B5703EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9AD25BC1-E435-4691-B42A-0D98D80F0F83", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F58A3E7-4C21-48FD-AA26-7CCE85BAE887", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC857372-A76D-4F3D-9FEE-6086A0AB002C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered."}], "id": "CVE-2005-0743", "lastModified": "2024-11-20T23:55:48.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/14520"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/archive/1/392626"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/12754"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.xoops.org/modules/news/article.php?storyid=2114"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/14520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/archive/1/392626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/12754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.xoops.org/modules/news/article.php?storyid=2114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}