CVE-2005-2781

Name: CVE-2005-2781
Description: The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1063-1
Debian Bugs: 340094, 340495

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| egroupware | source | (unstable) | 1.0.0.009.dfsg-3-4 | medium | | 340495 |
| phpgroupware | source | woody | 0.9.14-0.RC3.2.woody6 | | DSA-1063-1 | |
| phpgroupware | source | sarge | 0.9.16.005-3.sarge5 | | DSA-1063-1 | |
| phpgroupware | source | (unstable) | 0.9.16.009-1 | medium | | 340094 |

Notes

[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
Sarge affected, woody isn't
