CVE-2005-0269
CRITICALGNUBoard < 3.40 - Unauthenticated Arbitrary File Upload via Case Sensitivity Bypass
Title source: llmDescription
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
References (4)
Core 4
Core References
Exploit, Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110477648219738&w=2
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13711
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12149
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18729
Scores
CVSS v3
9.8
EPSS
0.0264
EPSS Percentile
83.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-178
Status
published
Products (1)
sir/gnuboard
< 3.40
Published
May 02, 2005
Tracked Since
Feb 18, 2026