Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026
CVE-2005-0743
CVE-2005-0743
Description
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.
Affected products
17cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- secunia.com/advisories/14520nvdPatchVendor Advisory
- www.securityfocus.com/archive/1/392626nvdPatch
- www.securityfocus.com/bid/12754nvdPatch
- www.xoops.org/modules/news/article.phpnvdPatch
- exchange.xforce.ibmcloud.com/vulnerabilities/19634nvd
News mentions
0No linked articles in our index yet.