Intrusion Prevention

Zeroboard.Command.Injection

Description

zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting, when using the preg_replace function.

Affected Products

Zeroboard Zeroboard 4.1 pl5
Zeroboard Zeroboard 4.1 pl4
Zeroboard Zeroboard 4.1 pl3
Zeroboard Zeroboard 4.1 pl2

Impact

Execute arbitrary PHP code

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.zeroboard.com/

CVE References

CVE-2005-1820