Family: CGI abuses --> Category: infos
Zeroboard flaws (2) Vulnerability Scan
Vulnerability Scan Summary Checks for Zeroboard flaws
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains several PHP scripts that are prone to
arbitrary PHP code execution and file disclosure attacks.
Description :
The remote host runs Zeroboard, a web BBS application popular in Korea.
The remote version of this CGI is affected by multiple flaws that may
allow an attacker to execute arbitrary PHP commands on the remote host
by including a PHP file hosted on a third-party server, or to read
arbitrary files with the privileges of the remote web server.
See also :
http://marc.theaimsgroup.com/?l=bugtraq&m=110565373407474&w=2
Solution:
Upgrade to Zeroboard 4.1pl6 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)