CVE-2005-1047 : Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit t

Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.

Published 2005-04-07 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-1047

Phpbb Group » Phpbb » Version: 2.0 Beta1
cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0 Rc1
cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0 Rc2
cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0 Rc3
cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.0
cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0 Rc4
cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.1
cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.3
cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.2
cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.5
cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.6
cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.4
cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.6c
cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.8
cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.8a
cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.10
cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.7a
cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.9
cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.6d
cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.7
cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.11
cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.12
cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.13
cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*
Matching versions
Phpbb Group » Phpbb » Version: 2.0.14
cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-1047

EPSS FAQ

0.98%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 75 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-1047

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-1047

http://marc.info/?l=bugtraq&m=111299353030534&w=2

'phpBB Upload Script "up.php" Arbitrary File Upload' - MARC
http://www.defacers.com.mx/advisories/2.txt

URL Repurposed
http://securitytracker.com/id?1013671

Vendor Advisory

Jump to

Vulnerability Details : CVE-2005-1047

Products affected by CVE-2005-1047

Exploit prediction scoring system (EPSS) score for CVE-2005-1047

CVSS scores for CVE-2005-1047

References for CVE-2005-1047