CVE-2005-3767 Information

Description

Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files which allows remote attackers to upload and execute PHP files.

Reference

http://secunia.com/advisories/17505 http://secunia.com/advisories/17655 http://www.securityfocus.com/archive/1/417218 http://www.securityfocus.com/bid/15391 https://exchange.xforce.ibmcloud.com/vulnerabilities/23113