CVE: CVE-2005-1881

Export to Word

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.06748
Percentile: 0.90852

CVSS Scoring

CVSS v2 Score: 7.5

Severity:

Mapped CWE(s)

CWE-434 : Unrestricted Upload of File with Dangerous Type

All CAPEC(s)

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

CAPEC(s) with Mapped TTPs

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
- T1574.010 : Services File Permissions Weakness

Mapped ATT&CK TTPs

T1574.010 : Services File Permissions Weakness
Kill Chain: persistence

Malware

BlackEnergy

APTs Threat Group Associations

Campaigns

Affected Products

cpe:2.3:a:yapig:yapig:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.93u:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.94u:*:*:*:*:*:*:*

← Back to Home