Unrated severityNVD Advisory· Published Jun 6, 2005· Updated Apr 16, 2026

CVE-2005-1881

Description

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.

Affected products

Yapig/Yapig3 versions
cpe:2.3:a:yapig:yapig:0.92b:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:yapig:yapig:0.92b:*:*:*:*:*:*:*
- cpe:2.3:a:yapig:yapig:0.93u:*:*:*:*:*:*:*
- cpe:2.3:a:yapig:yapig:0.94u:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdBroken LinkExploitThird Party AdvisoryVDB EntryVendor Advisory
secunia.com/advisories/15600/nvdBroken LinkVendor Advisory
secwatch.org/advisories/secwatch/20050530_yapig.txtnvdBroken LinkVendor Advisory
www.osvdb.org/17115nvdBroken LinkVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000