CVE-2005-2781

Name: CVE-2005-2781
Description: The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1063-1
NVD severity: high (attack range: remote)
Debian Bugs: 340094, 340495

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| egroupware | source | (unstable) | 1.0.0.009.dfsg-3-4 | medium | | 340495 |
| phpgroupware | source | (unstable) | 0.9.16.009-1 | medium | | 340094 |
| phpgroupware | source | sarge | 0.9.16.005-3.sarge5 | high | DSA-1063-1 | |
| phpgroupware | source | woody | 0.9.14-0.RC3.2.woody6 | high | DSA-1063-1 | |

Notes

[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
Sarge affected, woody isn't
