Description
BibORB 1.3.2, and possibly earlier versions, does not properly enforce its restriction that uploaded files be PDF or PS files. This allows remote attackers to upload arbitrary files that are then presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
References (3)
1. http://www.securityfocus.com/bid/12583 (x_refsource_bid, vdb-entry; tags: Broken Link, Patch, Third Party Advisory, VDB Entry)
2. http://marc.info/?l=bugtraq&m=110868948719773&w=2 (x_refsource_bugtraq, mailing-list; tags: Exploit, Mailing List, Third Party Advisory)
3. http://marc.info/?l=full-disclosure&m=110864983905770&w=2 (x_refsource_fulldisc, mailing-list; tags: Exploit, Mailing List, Third Party Advisory)
Scores
CVSS v3: 3.7 (vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Attack Vector: NETWORK
EPSS: 0.0086 (EPSS percentile 75.1%)
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-434
Status: published
Products (1): guillaumegardey/biborb 1.3.2 (2 CPE variants)
Published: May 02, 2005
Tracked Since: Feb 18, 2026