Vulnerabilities > CVE-2005-1047 - Unspecified vulnerability in PHPbb Group PHPbb
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.
|NASL family||CGI abuses|
|description||The installed version of phpBB on the remote host includes a file upload script intended as a way for users to upload files that they can then link to in their posts. The script, however, does not require authentication, makes only a limited check of upload file types, and stores uploads in a known location. As a result, an attacker can upload arbitrary scripts to the remote host and execute them with the permissions of the web server user.|
|reporter||This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.|
|title||phpBB up.php Arbitrary File Upload|