Skip to content
Low Published: May 02, 2005 Modified: Apr 03, 2025

CVE-2005-0254

3.7 CVSS Score Low
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Export CVE-2005-0254 Data:
Share:
Link copied!

Description

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.

CVSS Vector Details

Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Affected Software Configurations

  • a guillaumegardey biborb 1.3.2 - * * * * * *
  • a guillaumegardey biborb 1.3.2 rc * * * * * *

Weaknesses (CWE)

  • CWE-434
  • CWE-434

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2001-0340 CVSS 0 Same weakness: CWE-434 CVE-2001-1099 CVSS 0 Same weakness: CWE-434 CVE-2001-0901 CVSS 0 Same weakness: CWE-434 CVE-2002-1841 CVSS 0 Same weakness: CWE-434 CVE-2004-2262 CVSS 0 Same weakness: CWE-434

CVE History Timeline

Jun 06, 2005 17:13 Initial Analysis
Oct 18, 2016 03:09 CVE Modified
Jan 26, 2024 19:07 Modified Analysis
Feb 02, 2024 16:44 Reanalysis
May 14, 2024 01:28 CVE Modified
Nov 20, 2024 23:54 CVE Modified
Jan 16, 2025 18:15 CVE Modified
← Back to CVE Tracker