PT-2005-2559 · Boastmachine · Boastmachine

Published

2005-05-11

Updated

2008-09-05

CVE-2005-1580

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BoastMachine version 3.0

Description The issue allows remote attackers to execute arbitrary code due to a lack of proper restriction on the types of files that can be uploaded through the users.ini.php file.

Recommendations For BoastMachine version 3.0, restrict access to the file upload functionality to minimize the risk of exploitation. Consider implementing proper file type validation and sanitization to prevent the upload of malicious files.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1580

Affected Products

Boastmachine

PT-2005-2559 · Boastmachine · Boastmachine

CVE-2005-1580

Related Identifiers

Affected Products

References · 6