PT-2005-1452 · Zeroboard · Zeroboard

Jeremy Bae

Published

2005-02-13

Updated

2017-07-11

CVE-2005-0379

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ZeroBoard versions 4.1pl5 and earlier

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the zb path parameter to head.php or outlogin.php, or the dir parameter to write.php.

Recommendations For ZeroBoard versions 4.1pl5 and earlier, consider restricting access to the head.php, outlogin.php, and write.php files until a patch is available. As a temporary workaround, avoid using the zb path and dir parameters in the affected API endpoints.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0379

Affected Products

Zeroboard

PT-2005-1452 · Zeroboard · Zeroboard

CVE-2005-0379

Related Identifiers

Affected Products

References · 5