CVE-2005-1881

Yapig - Unrestricted File Upload

Title source: rule

Description

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.

Exploits (1)

exploitdb WRITEUP VERIFIED

by anonymous · textwebappsphp

https://www.exploit-db.com/exploits/25792

View Code ZIP pw:eip

References (4)

[Broken Link, Vendor Advisory] http://secunia.com/advisories/15600/

[Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory] http://securitytracker.com/id?1014103

[Broken Link, Vendor Advisory] http://secwatch.org/advisories/secwatch/20050530_yapig.txt

[Broken Link, Vendor Advisory] http://www.osvdb.org/17115

Scores

EPSS 0.0675

EPSS Percentile 91.1%

Classification

CWE

CWE-434

Status draft

Affected Products (3)

yapig/yapig

Timeline

Published Jun 06, 2005

Tracked Since Feb 18, 2026