CVE-2005-0269 - The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowe

CVE-2005-0269

Summary

The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.

References

http://www.securityfocus.com/bid/12149
http://secunia.com/advisories/13711
http://marc.info/?l=bugtraq&m=110477648219738&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18729

Vulnerable Configurations

cpe:2.3:a:sir:gnuboard:-:*:*:*:*:*:*:*
cpe:2.3:a:sir:gnuboard:-:*:*:*:*:*:*:*
cpe:2.3:a:sir:gnuboard:3.40:*:*:*:*:*:*:*
cpe:2.3:a:sir:gnuboard:3.40:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 02-02-2024 - 02:15)
Impact:
Exploitability:

CWE

CWE-178

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12149
bugtraq	20050103 STG Security Advisory: [SSA-20041224-21] File extensions
secunia	13711
xf	gnuboard-gbupdate-file-upload(18729)

Last major update

02-02-2024 - 02:15

Published

02-05-2005 - 04:00

Last modified

02-02-2024 - 02:15