CVE-2002-1704

Name of the Vulnerable Software and Affected Versions Zeroboard version 4.1

Description The issue allows remote attackers to execute arbitrary PHP code when the allow url fopen and register globals variables are enabled. This is achieved by modifying the zb path parameter to reference a URL on a remote web server that contains the code.

Recommendations For Zeroboard version 4.1, consider disabling the allow url fopen and register globals variables to prevent exploitation. As a temporary workaround, restrict the modification of the zb path parameter to minimize the risk of arbitrary PHP code execution.