CVE-2005-1957

Adam Mmedici File Upload Manager - Authentication Bypass

Title source: rule

Description

mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2005-06/0116.html

[Mailing List] http://marc.info/?l=bugtraq&m=111868578006615&w=2

[Third Party Advisory, VDB Entry] http://www.osvdb.org/17435

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20258

Scores

EPSS 0.0084

EPSS Percentile 74.5%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

adam_mmedici/file_upload_manager

Timeline

Published Jun 12, 2005

Tracked Since Feb 18, 2026