cbcvebase.
CVE-2005-4171
published 2005-12-11

CVE-2005-4171: The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP…

PriorityP348high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.90%
94.0th percentile
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file.

Affected

1 ranges
VendorProductVersion rangeFixed in
efiction_projectefiction
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.