Arbitrary PHP Code Execution via Avatar Upload in FUD Forum before 2.7.0

CVE-2005-2781 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
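
The check that closes this class of bug, shown beside the weak pattern, as an added example (not FUD Forum's code or its actual fix). The function names `weak_avatar_name` and `safe_avatar_name` are hypothetical, and the sample file is constructed inline: a 1x1 GIF with inert PHP-tagged bytes appended.

```php
<?php
// Added example; function names are hypothetical, not taken from FUD Forum.

const AVATAR_TYPES = [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG];

// Weak pattern: only the image header is inspected and the client-supplied
// file name (including its extension) is kept for storage.
function weak_avatar_name(string $tmpPath, string $clientName): ?string
{
    return @getimagesize($tmpPath) !== false ? basename($clientName) : null;
}

// Hardened pattern: the stored extension is derived from the detected image
// type, a mismatching client extension is rejected, and the stored name is
// generated server-side so nothing from the client reaches the file system.
function safe_avatar_name(string $tmpPath, string $clientName): ?string
{
    $info = @getimagesize($tmpPath);
    if ($info === false || !in_array($info[2], AVATAR_TYPES, true)) {
        return null;                                  // not an accepted image type
    }
    $ext = image_type_to_extension($info[2], false);  // "gif", "jpeg" or "png"
    $clientExt = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $accepted = $ext === 'jpeg' ? ['jpg', 'jpeg'] : [$ext];
    if (!in_array($clientExt, $accepted, true)) {
        return null;                                  // e.g. "avatar.php"
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: a valid 1x1 GIF followed by inert trailing bytes.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$tmp = tempnam(sys_get_temp_dir(), 'avatar');
file_put_contents($tmp, $gif . '<?php /* constructed trailing bytes */ ?>');

// The header check alone keeps the .php name; the hardened check refuses it
// and gives the same bytes a generated .gif name when the extension matches.
var_dump(weak_avatar_name($tmp, 'avatar.php'));
var_dump(safe_avatar_name($tmp, 'avatar.php'));
var_dump(safe_avatar_name($tmp, 'avatar.gif'));

unlink($tmp);
```

In a real upload handler the returned name would be passed to `move_uploaded_file()`, with the avatar directory configured so the web server never hands its contents to the PHP interpreter.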