Splatt Forums < 4.0 Unspecified Authentication Bypass

critical Nessus Network Monitor Plugin ID 3264

Synopsis

The remote host is vulnerable to a flaw that allows attackers to execute arbitrary commands.

Description

The remote host is running Splatt, an online forum. This version of Splatt is vulnerable to an authentication bypass flaw. An attacker exploiting this flaw would be able to execute administrative commands without authentication.

Solution

Upgrade to version 4.0 or higher.

Plugin Details

Severity: Critical

ID: 3264

Family: CGI

Published: 10/21/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:splatt:splatt_forum

Reference Information

CVE: CVE-2005-3282

BID: 15152