|
|
Family: CGI abuses --> Category: attack
Multiple Remote Vulnerabilities in Zorum <= 3.5 Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple remote vulnerabilities in Zorum <= 3.5
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
numerous flaws.
Description :
The remote host is running Zorum, an open-source electronic forum
written in PHP.
The version of Zorum installed on the remote host is prone to numerous
flaws, including remote code execution, privilege escalation, and SQL
injection.
See also :
http://securitytracker.com/id?1013365
http://retrogod.altervista.org/zorum.html
http://pridels.blogspot.com/2005/11/zorum-forum-35-rollid-sql-inj-vuln.html
http://pridels.blogspot.com/2006/06/zorum-forum-35-vuln.html
Solution :
Remove the software as it is no longer maintained.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
