{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-08-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050828 FUD Forum < 2.7.1 PHP code injection vurnelability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112534235403406&w=2"}, {"name": "16627", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16627/"}, {"name": "fudforum-avatar-file-upload(22076)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22076"}, {"name": "20203", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20203"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&"}, {"name": "14678", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14678"}, {"name": "DSA-1063", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1063"}, {"name": "20090127 Re: FUD Forum < 2.7.1 PHP code injection vurnelability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/500406/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2781", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050828 FUD Forum < 2.7.1 PHP code injection vurnelability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112534235403406&w=2"}, {"name": "16627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16627/"}, {"name": "fudforum-avatar-file-upload(22076)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22076"}, {"name": "20203", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20203"}, {"name": "http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&", "refsource": "CONFIRM", "url": "http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&"}, {"name": "14678", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14678"}, {"name": "DSA-1063", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1063"}, {"name": "20090127 Re: FUD Forum < 2.7.1 PHP code injection vurnelability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500406/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:45:02.220Z"}, "title": "CVE Program Container", "references": [{"name": "20050828 FUD Forum < 2.7.1 PHP code injection vurnelability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112534235403406&w=2"}, {"name": "16627", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/16627/"}, {"name": "fudforum-avatar-file-upload(22076)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22076"}, {"name": "20203", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20203"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&"}, {"name": "14678", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14678"}, {"name": "DSA-1063", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1063"}, {"name": "20090127 Re: FUD Forum < 2.7.1 PHP code injection vurnelability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/500406/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2781", "datePublished": "2005-09-02T04:00:00.000Z", "dateReserved": "2005-09-02T00:00:00.000Z", "dateUpdated": "2024-08-07T22:45:02.220Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E66CD67-55D1-48A0-9A19-D3153B7DC787", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21D4EA6-C739-4BA0-ABBD-1E95CDD5E808", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F68DB291-A958-4296-855A-B3CF19704E70", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8A9D296-6C54-4436-AE77-0D5291415DBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "81684C0A-B31D-46F5-998F-21F1FDDFBBEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A41890E-4C88-4161-9DE3-C273272176E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDB8AF21-93A9-4756-B2E8-313FA6638158", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B14E676F-8A71-4607-80DC-F538F697E674", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C42CAF4-3936-455F-AE02-312278C84FD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "00EB1238-BD1C-4A5E-9491-8AC343868FFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C07DA566-0075-4297-8531-A5E7C03877FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5428C3B-997C-417E-932D-CD2E9139891D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B49C1DE2-FE7A-4AE0-AFB4-15C323C47817", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "63E5AFE9-C5FC-448D-B3FB-411C0CAB2174", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "CFA28579-5406-471B-A015-00DE3283B8C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1CC947E3-E98A-4673-B6A4-22C63BDAADBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "2BF1BF48-11AE-4737-9F65-E01A3F8D5EA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "4D94B04F-E6E4-452E-883A-B88DDDDF6AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "C253560E-D233-43B0-86E6-F41690BEEDCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB63A18-0C81-4C18-91CE-E9FC1497CB82", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0A0F3EF-9345-407B-8110-C6F8E44861CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "8F6480F8-D5AF-418F-BBB7-E09941EAA56E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E20EC310-AF18-4001-913C-849D60C86047", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C5A8FE4-FD41-4FB5-B0FA-C3C4669E42C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "699C28AF-95BD-44EA-BD50-F9616B53FBF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A60D274-69FA-4C37-A472-FEB1D18DA6C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "3C4219A0-F0EA-4303-B46F-D170EB6B05B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9837B11A-A3AA-4CE7-A0BE-E9709D42ECD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "0590709E-FD1E-4BF4-8158-09B243B87648", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "EA4DAE8A-8F53-4A66-9A42-BC468569D31B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "C4331016-C28D-4C17-B6A2-11A7E45873E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "DFADD332-B80D-4D04-AA20-147F00F3CB0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8A60EFEB-036F-4828-8D17-069C0CF448D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "51906E70-8317-4B8A-A384-13F62B0D24B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "50A53ED7-CB9B-4D83-8C67-BF14DDD5A081", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "3E2D688C-2A06-4381-A2FF-27CA81606A69", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "F035957A-5FF8-43AA-8DF9-C132051FF1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "A90D1C9D-E8C2-43D1-A87E-89DA4CBDE4BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A616B2B6-49D7-42D2-8FFE-7D9B3B7FE13B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code."}], "id": "CVE-2005-2781", "lastModified": "2026-04-16T00:27:16.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-09-02T23:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112534235403406&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/16627/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20203"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1063"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/500406/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14678"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fudforum.org/forum/index.php?t=msg&th=5470&start=0&"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=112534235403406&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/16627/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500406/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22076"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}