CVE-2005-0379

Name of the Vulnerable Software and Affected Versions ZeroBoard versions 4.1pl5 and earlier

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the zb path parameter to head.php or outlogin.php, or the dir parameter to write.php.

Recommendations For ZeroBoard versions 4.1pl5 and earlier, consider restricting access to the head.php, outlogin.php, and write.php files until a patch is available. As a temporary workaround, avoid using the zb path and dir parameters in the affected API endpoints.