Splatt Forums < 4.0 Unspecified Authentication Bypass

Critical Nessus Network Monitor Plugin ID 3264

Synopsis

The remote host is vulnerable to a flaw that allows attackers to execute arbitrary commands.

Description

The remote host is running Splatt, an online forum. This version of Splatt is vulnerable to an authentication bypass flaw. An attacker exploiting this flaw would be able to execute administrative commands without authentication.

Solution

Upgrade to version 4.0 or higher.

Plugin Details

Severity: Critical

ID: 3264

Family: CGI

Published: 2005/10/21

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:splatt:splatt_forum

Reference Information

CVE: CVE-2005-3282

BID: 15152