Zeroboard v.4.1.pl5 Multiple Remoote File Inclusion Security VulnerabilityDescription1) Input passed to the "dir" parameter in "error.php", "login.php", "setup.php", "ask_password.php" and "print_category.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources. 2) Input passed to the "_zb_path" parameter in "_head.php" and "outlogin.php", and "dir" parameter in "write.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. 3) Input passed to the "sn1", "page", and "year" parameters in "zboard.php" and the "filename" parameter in "view_image.php" is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site. 4) Input passed to the "keyword" parameter isn't properly sanitised before being used in a "preg_replace()" call. This can be exploited to execute arbitrary PHP code. Successful exploitation requires that "register_globals" is enabled. Confirmed in version 4.1.pl5. Other versions may also be affected. Impact The remote attacker can include arbitrary files from local or external resources. References Original Advisory Product Homepage View entire list of over 400 known Web Application Vulnerabilities and the specific technologies which they target. See Web Vulnerabilities in popular applications such as: WordPress, Tiki Wiki, PHPNuke, PHPMyAdmin, phpBB, Mambo, PHP-Fusion, Mantis, Invision Power Board Get latest new web vulnerabilities via RSS |
|
