CVE-2005-1031 Information

Description

RUNCMS 1.1A and possibly other products based on e-Xoops (exoops) when \Allow custom avatar upload\ is enabled does not properly verify uploaded files which allows remote attackers to upload arbitrary files.

Reference

http://marc.info/?l=bugtraq&m=111280711228450&w=2 http://secunia.com/advisories/14869 http://www.runcms.org/public/modules/news/ http://www.securityfocus.com/bid/13027 https://exchange.xforce.ibmcloud.com/vulnerabilities/20001