Summary
The remote web server contains several PHP scripts that are prone to arbitrary PHP code execution and cross-site scripting attacks.
Description
The remote host runs Zeroboard, a web BBS application popular in Korea.
The remote version of this software is vulnerable to cross-site scripting and remote script injection due to a lack of sanitization of user-supplied data.
Successful exploitation of this issue may allow an attacker to execute arbitrary code on the remote host or to use it to perform an attack against third-party users.
Solution
Upgrade to Zeroboard 4.1pl5 or later.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2004-1419
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P