CVE-2005-2781

Publication date 2 September 2005

Last updated 24 July 2024


Ubuntu priority

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.

Status

Package Ubuntu Release Status
egroupware 7.04 feisty
Fixed 1.0.0.009.dfsg-3-4
6.10 edgy
Fixed 1.0.0.009.dfsg-3-4
6.06 LTS dapper
Fixed 1.0.0.009.dfsg-3-4
phpgroupware 7.04 feisty
Fixed 0.9.16.010-1
6.10 edgy
Fixed 0.9.16.010-1
6.06 LTS dapper
Fixed 0.9.16.010-1