CVE-2005-3764

The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/17655	Vendor Advisory
http://www.securityfocus.com/archive/1/417218	Vendor Advisory
http://secunia.com/advisories/17655	Vendor Advisory
http://www.securityfocus.com/archive/1/417218	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:exponent:exponent:0.94:::::::*
	cpe:2.3:a:exponent:exponent:0.95:::::::*
	cpe:2.3:a:exponent:exponent:0.96.1:::::::*
	cpe:2.3:a:exponent:exponent:0.96.3:::::::*
	cpe:2.3:a:exponent:exponent:0.96.4:::::::*

History

21 Nov 2024, 00:02

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/17655 - Vendor Advisory~~	() http://secunia.com/advisories/17655 - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/417218 - Vendor Advisory~~	() http://www.securityfocus.com/archive/1/417218 - Vendor Advisory

Information

Published : 2005-11-22 23:03

Updated : 2024-11-21 00:02

NVD link : CVE-2005-3764

Mitre link : CVE-2005-3764

CVE.ORG link : CVE-2005-3764

JSON object : View

Products Affected

exponent

exponent

CWE

NVD-CWE-Other

{"id": "CVE-2005-3764", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-11-22T23:03:00.000", "references": [{"url": "http://secunia.com/advisories/17655", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/417218", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17655", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/417218", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML."}], "lastModified": "2024-11-21T00:02:37.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:exponent:exponent:0.94:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09503570-A3FD-4692-87F8-795D2F07ACF8"}, {"criteria": "cpe:2.3:a:exponent:exponent:0.95:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03041476-37D5-4DEB-8392-42806DF3DC70"}, {"criteria": "cpe:2.3:a:exponent:exponent:0.96.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B44A782D-CEA9-4C60-B855-D6CBEFF68C8E"}, {"criteria": "cpe:2.3:a:exponent:exponent:0.96.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86D560E5-82C3-4E4F-8F7A-757BA5F464FE"}, {"criteria": "cpe:2.3:a:exponent:exponent:0.96.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8675231-650C-4653-9C8D-7BE79DE83E38"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}