ID CVE-2005-2733
Summary upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.0
    cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.0
CVSS
Base: 7.5 (as of 30-08-2005 - 09:12)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Simple PHP Blog <= 0.4.0 Multiple Remote Exploits. CVE-2005-2192,CVE-2005-2733,CVE-2005-2787. Webapps exploit for php platform
    id EDB-ID:1191
    last seen 2016-01-31
    modified 2005-09-01
    published 2005-09-01
    reporter Kenneth Belva
    source https://www.exploit-db.com/download/1191/
    title Simple PHP Blog <= 0.4.0 - Multiple Remote Exploits
  • description Simple PHP Blog. CVE-2005-2733. Webapps exploit for php platform
    id EDB-ID:16883
    last seen 2016-02-02
    modified 2010-07-25
    published 2010-07-25
    reporter metasploit
    source https://www.exploit-db.com/download/16883/
    title Simple PHP Blog <= 0.4.0 - Remote Command Execution
metasploit via4
description This module combines three separate issues within The Simple PHP Blog (<= 0.4.0) application to upload arbitrary data and thus execute a shell. The first vulnerability exposes the hash file (password.txt) to unauthenticated users. The second vulnerability lies within the image upload system provided to logged-in users; there is no image validation function in the blogger to prevent an authenticated user from uploading any file type. The third vulnerability occurs within the blog comment functionality, allowing arbitrary files to be deleted.
id MSF:EXPLOIT/UNIX/WEBAPP/SPHPBLOG_FILE_UPLOAD
last seen 2019-02-27
modified 2017-11-08
published 2008-10-19
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/sphpblog_file_upload.rb
title Simple PHP Blog Remote Command Execution
nessus via4
NASL family CGI abuses
NASL id SPHPBLOG_040.NASL
description The version of Simple PHP Blog installed on the remote host allows authenticated attackers to upload files containing arbitrary code to be executed with the privileges of the web server userid. In addition, it likely lets anyone retrieve its configuration file as well as the user list and to delete arbitrary files subject to the privileges of the web server user id.
last seen 2019-02-21
modified 2018-11-15
plugin id 19516
published 2005-08-27
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19516
title Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/82368/sphpblog_file_upload.rb.txt
id PACKETSTORM:82368
last seen 2016-12-05
published 2009-10-30
reporter Matteo Cantoni
source https://packetstormsecurity.com/files/82368/Simple-PHP-Blog-0.4.0-Command-Execution.html
title Simple PHP Blog 0.4.0 Command Execution
refmap via4
bid 14667
bugtraq 20050826 Simple PHP Blog File Upload and User Credentials Exposure Vulnerabilities
secunia 16598
xf simple-php-uploadimgcgi-file-upload(22012)
Last major update 17-10-2016 - 23:29
Published 30-08-2005 - 07:45
Last modified 10-07-2017 - 21:32
Back to Top