CVE-2005-0269

CRITICAL

9.8

Descripcion

The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado5/2/2005

Ultima modificacion4/16/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

sir:gnuboard

Debilidades (CWE)

CWE-178

Referencias

http://marc.info/?l=bugtraq&m=110477648219738&w=2(cve@mitre.org)

http://secunia.com/advisories/13711(cve@mitre.org)

http://www.securityfocus.com/bid/12149(cve@mitre.org)

https://exchange.xforce.ibmcloud.com/vulnerabilities/18729(cve@mitre.org)

http://marc.info/?l=bugtraq&m=110477648219738&w=2(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/13711(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/12149(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/18729(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.