PT-2006-3974 · Zeroboard · Zeroboard

Choi Min-Sung · Published 2006-06-19 · Updated 2018-10-18 · CVE-2006-3070

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Zeroboard version 4.1 pl8

Description

The issue allows remote attackers to bypass restrictions for uploading files with executable extensions. This is achieved by uploading a .htaccess file that includes an AddType directive, which assigns an executable module to files with assumed-safe extensions. For example, an attacker can assign the txt extension to be handled by application/x-httpd-php, effectively making .txt files executable.

Recommendations

For Zeroboard version 4.1 pl8, consider disabling the upload of .htaccess files or restricting the use of the AddType directive in .htaccess files to prevent exploitation. Additionally, restrict access to the write ok.php file to minimize the risk of uploading malicious files.
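One way to apply the AddType restriction at the server level, shown as an added example that is not part of the original advisory or of Zeroboard itself. The directory path is a placeholder for the board's upload directory, and the syntax assumes Apache 2.4.

```apache
# Weak setting (shown commented out): per-directory .htaccess files are honoured
# with every override class. AddType, AddHandler and SetHandler belong to the
# FileInfo class, so an uploaded .htaccess can remap .txt to the PHP handler.
#
# <Directory "/path/to/zeroboard/upload-dir">
#     AllowOverride All
# </Directory>

# Corrected setting: the server does not read .htaccess files in the upload
# directory at all, so an uploaded .htaccess has no effect there.
# The path is a placeholder (assumption), not a value from the advisory.
<Directory "/path/to/zeroboard/upload-dir">
    AllowOverride None

    # Also refuse to serve .ht* files if one is uploaded anyway (Apache 2.4).
    <FilesMatch "^\.ht">
        Require all denied
    </FilesMatch>
</Directory>

# Alternative when other overrides are still needed in that directory:
# list the permitted classes and leave FileInfo out, which blocks AddType
# while keeping, for example, authentication directives.
#
# <Directory "/path/to/zeroboard/upload-dir">
#     AllowOverride AuthConfig Limit
# </Directory>
```

This belongs in the main server or virtual host configuration, which uploaded files cannot modify.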


Related Identifiers

CVE-2006-3070

Affected Products

Zeroboard