CVE-2005-1957

File Upload Manager - Unauthenticated Arbitrary File Read and Delete via Base64-Encoded File Parameter

Description

mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the "del" action.

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/17435
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2005-06/0116.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111868578006615&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20258

Scores

EPSS 0.0165
EPSS Percentile 73.6%

Details

CWE CWE-287
Status published
Products (1)
adam_mmedici/file_upload_manager
Published Jun 12, 2005
Tracked Since Feb 18, 2026