Zeroboard zero_vote multiple PHP file include

zeroboard-zero-vote-file-include (18893) The risk level is classified as HighHigh Risk

Description:

Zeroboard could allow a remote attacker to include malicious PHP files, caused by a vulnerability in the zero_vote theme. A remote attacker could exploit this vulnerability by sending a specially-crafted URL to the login.php, setup.php or ask_password.php script that uses the 'dir' parameter to specify a malicious file from a remote system, which would allow the attacker to execute code on the vulnerable system with privileges of the Web service.

Platforms Affected:

  • Various vendors, Unix Seventh Edition
  • Zeroboard, Zeroboard 4.1pl5 and prior

Remedy:

Upgrade to the latest version of Zeroboard (4.1pl6 or later), available from the Zeroboard Web site. See References.

Consequences:

Gain Access

References:

  • BugTraq Mailing List, Thu Jan 13 2005 - 01:22:13 CST , STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities at http://archives.neohapsis.com/archives/bugtraq/2005-01/0156.html.
  • Zeroboard Web site, NZEO.COM ver4 - for Sitebuilder at http://www.nzeo.com/?channel=zeroboard.
  • BID-12206: Zeroboard DIR Parameter Remote File Include Vulnerabilities
  • BID-12258: Zeroboard Print_Category.PHP Remote File Include Vulnerability
  • CVE-2005-0380: Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code.
  • OSVDB ID: 12928: ZeroBoard print_category.php Arbitrary Command Execution
  • OSVDB ID: 12929: ZeroBoard login.php Arbitrary Command Execution
  • OSVDB ID: 12930: ZeroBoard setup.php Arbitrary Command Execution
  • OSVDB ID: 12931: ZeroBoard ask_password.php Arbitrary Command Execution
  • OSVDB ID: 12932: ZeroBoard error.php Arbitrary Command Execution
  • SA13769: Zeroboard Multiple Vulnerabilities
  • SECTRACK ID: 1012884: Zeroboard Discloses Files to Remote Users and Lets Remote Users Execute Arbitrary Commands

Reported:

Jan 13, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page