CVE-2002-1704 Information
Feb 14, 2021
cve
Description
Zeroboard 4.1 when the \allow_url_fopen\ and \register_globals\ variables are enabled allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.
Reference
http://online.securityfocus.com/archive/1/277126
http://www.securityfocus.com/bid/5028
https://exchange.xforce.ibmcloud.com/vulnerabilities/9366
Zeroboard
4.1
when
the
\allow_url_fopen
and
\register_globals
variables
are
enabled
allows
remote
attackers
to
execute
arbitrary
PHP
code
by
modifying
the
_zb_path
parameter
to
reference
a
URL
on
a
remote
web
server
that
contains
the
code.