CVE-2005-2607 - Remote File Include vulnerability in PHPsimplicity Simplicity of Upload 1.3

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, phpsimplicity, nessus

Summary

PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") character. Download the new version of the program at http://www.phpsimplicity.com/scripts.php?id=3.

Vulnerable Configurations

Part: Application
Description: Phpsimplicity
Count: 1

Nessus

NASL family: CGI abuses
NASL id: SFU_LANGUAGE_FILE_INCLUDES.NASL
description: The remote host is running Simplicity oF Upload, a free PHP script to manage file uploads. The version of Simplicity oF Upload installed on the remote host fails to sanitize user-supplied input to the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19334
published: 2005-08-01
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19334
title: Simplicity oF Upload download.php language Parameter Local File Inclusion