Zeroboard Flaws (2) Network Vulnerability

Summary

The remote web server contains several PHP scripts that are prone to arbitrary PHP code execution and file disclosure attacks. Description : The remote host runs Zeroboard, a web BBS application popular in Korea. The remote version of this CGI is vulnerable to multiple flaws which may allow an attacker to execute arbitrary PHP commands on the remote host by including a PHP file hosted on a third-party server, or to read arbitrary files with the privileges of the remote web server.

Solution

Upgrade to Zeroboard 4.1pl6 or later.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=110565373407474&w=2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-0380
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AjaxPortal 'di.php' File Inclusion Vulnerability
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
ActivePerl perlIS.dll Buffer Overflow
Apache Tomcat /servlet Cross Site Scripting
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities

Zeroboard flaws (2)

Take action and discover your vulnerabilities