CVE-2005-2781

Description

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.

Software From Fixed in
ilia_alshanetsky / fudforum 2.1.0 2.1.0.x
ilia_alshanetsky / fudforum 2.1.1 2.1.1.x
ilia_alshanetsky / fudforum 2.1.2 2.1.2.x
ilia_alshanetsky / fudforum 2.1.3 2.1.3.x
ilia_alshanetsky / fudforum 2.2.0 2.2.0.x
ilia_alshanetsky / fudforum 2.2.1 2.2.1.x
ilia_alshanetsky / fudforum 2.2.2 2.2.2.x
ilia_alshanetsky / fudforum 2.2.3 2.2.3.x
ilia_alshanetsky / fudforum 2.2.4 2.2.4.x
ilia_alshanetsky / fudforum 2.2.5 2.2.5.x
ilia_alshanetsky / fudforum 2.3.0 2.3.0.x
ilia_alshanetsky / fudforum 2.3.1 2.3.1.x
ilia_alshanetsky / fudforum 2.3.2 2.3.2.x
ilia_alshanetsky / fudforum 2.3.3 2.3.3.x
ilia_alshanetsky / fudforum 2.3.4 2.3.4.x
ilia_alshanetsky / fudforum 2.3.5 2.3.5.x
ilia_alshanetsky / fudforum 2.3.6 2.3.6.x
ilia_alshanetsky / fudforum 2.3.7 2.3.7.x
ilia_alshanetsky / fudforum 2.3.8 2.3.8.x
ilia_alshanetsky / fudforum 2.5.0 2.5.0.x
ilia_alshanetsky / fudforum 2.5.1 2.5.1.x
ilia_alshanetsky / fudforum 2.5.2 2.5.2.x
ilia_alshanetsky / fudforum 2.6.0 2.6.0.x
ilia_alshanetsky / fudforum 2.6.1 2.6.1.x
ilia_alshanetsky / fudforum 2.6.10 2.6.10.x
ilia_alshanetsky / fudforum 2.6.11 2.6.11.x
ilia_alshanetsky / fudforum 2.6.12 2.6.12.x
ilia_alshanetsky / fudforum 2.6.13 2.6.13.x
ilia_alshanetsky / fudforum 2.6.14 2.6.14.x
ilia_alshanetsky / fudforum 2.6.15 2.6.15.x
ilia_alshanetsky / fudforum 2.6.2 2.6.2.x
ilia_alshanetsky / fudforum 2.6.3 2.6.3.x
ilia_alshanetsky / fudforum 2.6.4 2.6.4.x
ilia_alshanetsky / fudforum 2.6.5 2.6.5.x
ilia_alshanetsky / fudforum 2.6.6 2.6.6.x
ilia_alshanetsky / fudforum 2.6.7 2.6.7.x
ilia_alshanetsky / fudforum 2.6.8 2.6.8.x
ilia_alshanetsky / fudforum 2.6.9 2.6.9.x
ilia_alshanetsky / fudforum 2.7.0 2.7.0.x