http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-012

WebsiteBakerProject不能正确地验证上传文件的文件扩展名。这使得远程攻击者可以进行上传并执行任意的PHP代码。

ExternalSource:XFName:website-baker-adminmedia-file-upload(21634)Hyperlink:http://xforce.iss.net/xforce/xfdb/21634ExternalSource:BIDName:14406Hyperlink:http://www.securityfocus.com/bid/14406ExternalSource:OSVDBName:18345Hyperlink:http://www.osvdb.org/18345ExternalSource:SECUNIAName:16263Hyperlink:http://secunia.com/advisories/16263ExternalSource:BUGTRAQName:20050728WebsiteBakerProjectMultipleVulnerabilitiesHyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m;=112260471228762&w;=2