ID |
CVE-2005-0269
|
Summary |
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 02-02-2024 - 02:15) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-178 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 12149 | bugtraq | 20050103 STG Security Advisory: [SSA-20041224-21] File extensions | secunia | 13711 | xf | gnuboard-gbupdate-file-upload(18729) |
|
Last major update |
02-02-2024 - 02:15 |
Published |
02-05-2005 - 04:00 |
Last modified |
02-02-2024 - 02:15 |