| VID | 21236 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The Zeroboard login.php script allows remote attackers to execute arbitrary commands. Zeroboard is a PHP web board package for the Linux and Unix platforms and is one of the most popular PHP web boards in Korea. Under some circumstances it is possible to include arbitrary PHP files, because login.php does not sufficiently check its input. When the "id" variable is not passed to login.php as a user parameter, the $file variable can be set to a value of the attacker's choice, which allows the attacker to load a PHP include file from a remote URL via login.php. |
| | * References: http://kert.knu.ac.kr/board/read.php?table=incidentNote&no=77&page=1 |
| | * Platforms Affected: Zeroboard 4.1 ~ 4.1 pl2 UNIX/Linux Any version |
| Recommendation | Modify the login.php script as follows: |
| | line 15: include $file; |
| | To: |
| | if($id) include $file; |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |