CVE DATABASE / CVE-2005-1881
CVE-2005-1881
CVSS 7.5 · HIGH
Summary
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.
CVSS 2.0 breakdown
| Base score | 7.5 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
Yapig yapig
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://secunia.com/advisories/15600/
- http://securitytracker.com/id?1014103
- http://secwatch.org/advisories/secwatch/20050530_yapig.txt
- http://www.osvdb.org/17115
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.