Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Zorum < 3.6.0 Multiple Vulnerabilities

High

Synopsis

The remote web server contains a PHP application that is affected by numerous flaws. The remote host is running Zorum, an open-source electronic forum written in PHP. The version of Zorum installed on the remote host is prone to several vulnerabilities. Namely:

Description

An attacker can execute arbitrary shell commands by means of specially-crafted arguments to the 'argv[1]' parameter of the 'gorum/prod.php' script provided that PHP's 'register_globals' setting is enabled and 'register_argc_argv' is disabled.

An attacker can adjust the 'id' parameter to the 'index.php' script after authentication, setting it to that of another currently authenticated user to gain their privileges.

An attacker can insert SQL code in the 'Search in messages created by user' box as well as the 'rollid' parameter to trigger an SQL error and possibly manipulate SQL queries if PHP's 'magic_quotes' is disabled.

The 'list', 'method', and 'frommethod' parameters of the 'index.php' script are not sanitized properly, allowing a remote attacker to inject arbitrary HTML or script code in a user's browser in the context of the affected web site, resulting in theft of authentication data or other such attacks.

Solution

Upgrade to version 3.6.0 or higher.