Lucene search

[email protected]CVE-2005-1580

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-1580

2022-10-0316:22:43

[email protected]

web.nvd.nist.gov

boastmachine 3.0

users.ini.php

remote code execution

cve-2005-1580

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.2%

JSON

users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.

Affected configurations

NVD

Node

boastmachineboastmachineMatch3.0platinum

CPENameOperatorVersion
boastmachine:boastmachineboastmachineeq3.0

CPE	Name	Operator	Version
boastmachine:boastmachine	boastmachine	eq	3.0

References

secunia.com/advisories/15312

www.kernelpanik.org/docs/kernelpanik/bmachines.txt

www.osvdb.org/16334

www.securityfocus.com/bid/13600

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.2%

JSON

Related for CVE-2005-1580

nessus1 cvelist1 nvd1