Unrated severityNVD Advisory· Published Dec 11, 2005· Updated Jun 16, 2026
CVE-2005-4171
CVE-2005-4171
Description
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
7- archives.neohapsis.com/archives/bugtraq/2005-11/0301.htmlnvdExploitVendor Advisory
- rgod.altervista.org/efiction2_xpl.htmlnvdExploitVendor Advisory
- secunia.com/advisories/17777nvdExploitVendor Advisory
- securitytracker.com/idnvdExploit
- www.securityfocus.com/bid/15568nvdExploit
- www.efiction.wallflowergirl.com/forums/viewtopic.phpnvd
- www.osvdb.org/21124nvd
News mentions
0No linked articles in our index yet.