VYPR
Unrated severityNVD Advisory· Published Aug 17, 2005· Updated Jun 16, 2026

CVE-2005-2614

CVE-2005-2614

Description

Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.

Affected products

2
  • Discuz/Discuz\!2 versions
    cpe:2.3:a:crosscom_olicom:discuz:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:crosscom_olicom:discuz:*:*:*:*:*:*:*:*range: <=4.0_rc4
    • (no CPE)range: = 4.0 rc4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.