Summary
The remote web server contains several PHP scripts that are prone to arbitrary PHP code execution and cross-site scripting attacks.
Description :
The remote host runs Zeroboard, a web BBS application popular in Korea.
The remote version of this software is vulnerable to cross-site scripting and remote script injection due to a lack of sanitization of user-supplied data.
Successful exploitation of this issue may allow an attacker to execute arbitrary code on the remote host or to use it to perform an attack against third-party users.
Solution
Upgrade to Zeroboard 4.1pl5 or later.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-1419 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability