Description
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
References (4)
Scores
CVSS v3
9.8
EPSS
0.0176
EPSS Percentile
82.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-178
Status
published
Products (1)
sir/gnuboard
< 3.40
Published
May 02, 2005
Tracked Since
Feb 18, 2026