PT-2005-2216 · Az · Azbb

James Bercegay · Published 2005-04-21 · Updated 2017-07-11 · CVE-2005-1200

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AZ Bulletin Board (AZbb) versions 1.0.07a through 1.0.07c

Description

The issue allows remote attackers to execute arbitrary PHP code by modifying the dir_src or abs_layer parameter to reference a URL on a remote web server that contains the code.

Recommendations

For AZ Bulletin Board (AZbb) versions 1.0.07a through 1.0.07c, consider restricting access to the main_index.php file until a patch is available. As a temporary workaround, avoid using the dir_src and abs_layer parameters in the affected file to minimize the risk of exploitation.


Related Identifiers

CVE-2005-1200

Affected Products

Azbb