Description
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.
Exploits (1)
References (4)
Core References
http://secunia.com/advisories/15600/ (Broken Link, Vendor Advisory; third-party-advisory, x_refsource_secunia)
http://www.osvdb.org/17115 (Broken Link, Vendor Advisory; vdb-entry, x_refsource_osvdb)
http://secwatch.org/advisories/secwatch/20050530_yapig.txt (Broken Link, Vendor Advisory; x_refsource_misc)
http://securitytracker.com/id?1014103 (Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory; vdb-entry, x_refsource_sectrack)
Scores
EPSS: 0.0675
EPSS Percentile: 91.4%
Details
CWE: CWE-434
Status: published
Products (3)
yapig/yapig 0.92b
yapig/yapig 0.93u
yapig/yapig 0.94u
Published: Jun 06, 2005
Tracked Since: Feb 18, 2026