Vulnerabilities > CVE-2005-1820 - Remote Command Execution vulnerability in Zeroboard Preg_replace

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zeroboard

exploit available

NVD

Published: 2005-06-01

Updated: 2008-09-05

Summary

zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function.

Vulnerable Configurations

Part	Description	Count
Application	Zeroboard Zeroboard Zeroboard 4.1_Pl2 Zeroboard Zeroboard 4.1_Pl3 Zeroboard Zeroboard 4.1_Pl4 Zeroboard Zeroboard 4.1_Pl5	4

Exploit-Db

description	Zeroboard 4.1 preg_replace Remote nobody Shell Exploit. CVE-2005-1820. Webapps exploit for php platform
id	EDB-ID:1020
last seen	2016-01-31
modified	2005-05-31
published	2005-05-31
reporter	n0gada
source	https://www.exploit-db.com/download/1020/
title	Zeroboard 4.1 preg_replace Remote nobody Shell Exploit

Summary

Vulnerable Configurations

Exploit-Db

References