BoastMachine < 3.1 Arbitrary File Upload

Medium Nessus Network Monitor Plugin ID 2897


The remote host is vulnerable to a 'file upload' flaw.


The remote host is running BoastMachine, a blogging application. This version of BoastMachine is vulnerable to a flaw in the script. Specifically, a remote user can pass a specially formatted HTTP request to the BoastMachine script and cause it to upload unsafe files. After upload, the attacker can execute the files with the permissions of the web server. In addition, the attacker can leave malicious scripts that are executed by unsuspecting users who browse the web page.


Upgrade to version 3.1 or higher.

Plugin Details

Severity: Medium

ID: 2897

Family: CGI

Published: 2005/05/11

Modified: 2018/07/11

Dependencies: 1442

Nessus ID: 18247

Risk Information

Risk Factor: Medium


Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND


Base Score: 6.2

Temporal Score: 6.2


Temporal Vector: CVSS3#E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:boastmachine:boastmachine

Reference Information

CVE: CVE-2005-1580

BID: 13600