CVE-2005-0778

2005-03-2005:00:00

mitre

www.cve.org

6.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

JSON

PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif.

References

marc.info/?l=bugtraq&m=111065868402859&w=2

secunia.com/advisories/14576

www.securityfocus.com/bid/12779

exchange.xforce.ibmcloud.com/vulnerabilities/19679