Unrated severityNVD Advisory· Published May 2, 2005· Updated Jun 16, 2026
CVE-2005-0743
CVE-2005-0743
Description
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.
Affected products
18cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
- (no CPE)range: <=2.0.9.2
Patches
Vulnerability mechanics
References
5- secunia.com/advisories/14520nvdPatchVendor Advisory
- www.securityfocus.com/archive/1/392626nvdPatch
- www.securityfocus.com/bid/12754nvdPatch
- www.xoops.org/modules/news/article.phpnvdPatch
- exchange.xforce.ibmcloud.com/vulnerabilities/19634nvd
News mentions
0No linked articles in our index yet.