BoastMachine < 3.1 users.inc.php Arbitrary File Upload



The remote host is vulnerable to a 'file upload' flaw.


The remote host is running BoastMachine, a blogging application. This version of BoastMachine is vulnerable to a flaw in the users.inc.php script. Specifically, a remote user can send a specially formatted HTTP request to the BoastMachine script and cause it to accept uploads of unsafe files. After upload, the attacker can execute the files with the permissions of the web server. In addition, the attacker can leave malicious scripts that are executed by unsuspecting users who browse the web page.


Upgrade to version 3.1 or higher.