CVE-2005-0380

Name of the Vulnerable Software and Affected Versions ZeroBoard versions 4.1pl5 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. This is possible due to multiple PHP remote file inclusion vulnerabilities in several PHP files, including print category.php, login.php, setup.php, ask password.php, and error.php.

Recommendations For ZeroBoard versions 4.1pl5 and earlier, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the dir parameter in the affected files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.