Arbitrary File Upload Vulnerability in RUNCMS 1.1A and e-Xoops

Arbitrary File Upload Vulnerability in RUNCMS 1.1A and e-Xoops

CVE-2005-1031 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.

Learn more about our Cms Pen Testing.