Summary
The remote web server contains several PHP scripts that are prone to arbitrary PHP code execution and file disclosure attacks.
Description :
The remote host runs Zeroboard, a web BBS application popular in Korea.
The remote version of this CGI is vulnerable to multiple flaws which may allow an attacker to execute arbitrary PHP commands on the remote host by including a PHP file hosted on a third-party server, or to read arbitrary files with the privileges of the remote web server.
Solution
Upgrade to Zeroboard 4.1pl6 or later.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2005-0380 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities