Zorum < 3.6.0 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 2692
Synopsis
The remote web server contains a PHP application that is affected by numerous flaws. The remote host is running Zorum, an open-source electronic forum written in PHP. The version of Zorum installed on the remote host is prone to several vulnerabilities. Namely:
Description
An attacker can execute arbitrary shell commands by means of specially crafted arguments to the 'argv' parameter of the 'gorum/prod.php' script, provided that PHP's 'register_globals' setting is enabled and 'register_argc_argv' is disabled.
An attacker can adjust the 'id' parameter to the 'index.php' script after authentication, setting it to that of another currently authenticated user to gain their privileges.
An attacker can insert SQL code in the 'Search in messages created by user' box as well as the 'rollid' parameter to trigger an SQL error and possibly manipulate SQL queries if PHP's 'magic_quotes' is disabled.
The 'list', 'method', and 'frommethod' parameters of the 'index.php' script are not sanitized properly, allowing a remote attacker to inject arbitrary HTML or script code in a user's browser in the context of the affected web site, resulting in theft of authentication data or other such attacks.
Solution
Upgrade to version 3.6.0 or higher.
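A host-side triage check for the PHP preconditions listed in the description, as an added example that is not part of the plugin or of Zorum. It assumes the advisory's 'magic_quotes' refers to the `magic_quotes_gpc` directive; the function names, the sample php.ini and the version string 3.5.2 are constructed for illustration. A directive missing from the file is reported as "unknown" because PHP defaults differ between releases.

```python
import re

FIXED = (3, 6, 0)  # first fixed release named in the advisory
WATCHED = ("register_globals", "register_argc_argv", "magic_quotes_gpc")

def parse_ini(text):
    """Return {directive: bool} for the watched on/off php.ini directives."""
    found = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # php.ini comments start with ';'
        m = re.match(r'([\w.]+)\s*=\s*"?(\w+)"?$', line)
        if m and m.group(1).lower() in WATCHED:
            found[m.group(1).lower()] = m.group(2).lower() in ("on", "1", "true", "yes")
    return found

def version_tuple(version):
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def status(*conditions):
    """Each condition is True (holds), False (does not hold) or None (not set in the file)."""
    if any(c is False for c in conditions):
        return "not met"
    return "unknown" if any(c is None for c in conditions) else "met"

def negate(value):
    return None if value is None else not value

def assess(zorum_version, ini_text):
    """Map each advisory item to fixed / met / not met / unknown for this host."""
    issues = ("command_execution", "id_impersonation", "sql_injection", "html_injection")
    if version_tuple(zorum_version) >= FIXED:
        return {name: "fixed" for name in issues}
    rg, ra, mq = (parse_ini(ini_text).get(k) for k in WATCHED)
    return {
        "command_execution": status(rg, negate(ra)),  # needs globals on AND argc_argv off
        "id_impersonation": "met",                    # advisory states no PHP precondition
        "sql_injection": status(negate(mq)),          # needs magic quotes off
        "html_injection": "met",                      # advisory states no PHP precondition
    }

# Constructed sample configuration matching every precondition in the advisory.
SAMPLE_INI = "; constructed sample\nregister_globals = On\nregister_argc_argv = Off\nmagic_quotes_gpc = Off\n"

if __name__ == "__main__":
    for issue, state in assess("3.5.2", SAMPLE_INI).items():
        print(f"{issue}: {state}")
```

Items reported as "not met" remain unpatched code paths; only the upgrade to 3.6.0 or higher removes them.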