CastleCops® - Splatt Forum 4.0 for PHP-Nuke 6.0 Multiple Vulnerabilities

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Advisories!: Splatt Forum 4.0 for PHP-Nuke 6.0 Multiple Vulnerabilities

BBS - Portals

Frame4 Security Advisory [FSA-2003:001]

Product : Splatt Forum 4.0 for PHP-Nuke 6.0
Product/Vendor URI : http://www.splatt.it/
Type: Vulnetablility / Exploit
Impact : Medium
Summary : Multiple Vulnerabilities in Splatt Forum 4.0
Disovery Date : 26/03/2003
Public Release : 01/05/2003
Affected Versions(S): Splatt Forum 4.0 (as of discovery date)
Fixed Versions(S) : Splatt Forum 4.0 Fix 1 (not tested)
Vendor Notified : No

We have discovered two vulnerabilities in the vanilla version of Splatt Forum 4.0 for PHP-Nuke 6.0; an XSS Vulnerability and an HTML/Code Injection Flaw.

The vulnerabilities and accompanying exploits were discovered and executed upon only one web site, and verified by Webmaster (webmaster@frame4.com).

Advisory URI:

http://frame4.com/php/modules.php?
name=News&file=categories&op=newindex&catid=4
http://www.frame4.com/content/advisories/FSA-2003-001.txt

Full Details
Help Net Security

Posted on Thursday, 01 May 2003 @ 23:11:26 UTC by cj (1648 reads)
[ Trackback ]

"Advisories!: Splatt Forum 4.0 for PHP-Nuke 6.0 Multiple Vulnerabilities" | Login/Create an Account | 0 comments

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

	Login

	Nickname Password Security Code: Type Security Code: Usage signifies AUP acceptance · New User? · Click here to create a registered account.

	Related Links

	· del.icio.us! · digg it! · reddit! · TrackBack (0) · PHP HomePage · PHP-Nuke · HotScripts · W3 Consortium · HTML Standard · More about BBS - Portals · News by cj Most read story about BBS - Portals: XSS Exploit Patch 1.0.0 for PHPNuke and phpbb2 port

	Article Rating

	Average Score: 0 Votes: 0 Please take a second and vote for this article:

	Options

	Printer Friendly Page


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 102ppm 0.107s (0.007s) Making cybercriminals unhappy since 2002*