Zeroboard DIR Parameter Remote File Include Vulnerabilities

Multiple remote file include vulnerabilities affect Zeroboard. These issues are due to a failure of the application to properly sanitize user-supplied input through the 'dir' parameter prior to using it in a PHP 'include()' function call.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

All versions of Zeroboard are considered vulnerable at the moment.


Privacy Statement
Copyright 2010, SecurityFocus