Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1419

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-1419
Last Modified 05 Sep 2008 04:41:18
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1419

Summary

PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.

Vulnerable Systems

Application

  • Zeroboard 4.1 Pl2

  • Zeroboard 4.1 Pl3

  • Zeroboard 4.1 Pl4


References

BUGTRAQ - 20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard

FULLDISC - 20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard

XF - zeroboard-write-file-include(18679)

XF - zeroboard-outlogin-file-include(18677)

BID - 12103

OSVDB - 12581

OSVDB - 12580

SECTRACK - 1012677

SECUNIA - 13649


Last Updated: 27 May 2016 10:39:01