Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> Multiple Remote Vulnerabilities in Zorum <= 3.5


Vulnerability Assessment Details

Multiple Remote Vulnerabilities in Zorum <= 3.5

Vulnerability Assessment Summary
Checks for multiple remote vulnerabilities in Zorum <= 3.5

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP application that is affected by
numerous flaws.

Description :

The remote host is running Zorum, an open-source electronic forum
written in PHP.

The version of Zorum installed on the remote host is prone to numerous
flaws, including remote code execution, privilege escalation, and SQL
injection.

See also :

http://securitytracker.com/id?1013365
http://retrogod.altervista.org/zorum.html
http://pridels.blogspot.com/2005/11/zorum-forum-35-rollid-sql-inj-vuln.html
http://pridels.blogspot.com/2006/06/zorum-forum-35-vuln.html

Solution :

Remove the software as it is no longer maintained.

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Networks Security ID: 12777, 14601, 16131, 18681

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2007 Tenable Network Security

Cables, Connectors

REF Cisco A9K-1.5KW-DC 1.5kW DC Power Module
$3500.0
REF Cisco A9K-1.5KW-DC 1.5kW DC Power Module picture(TEG-240WS) Switch - 24 ports - managed Gigabit Ethernet 24 x 10/100/1000 Flow c
$39.95
(TEG-240WS) Switch - 24 ports - managed Gigabit Ethernet 24 x 10/100/1000 Flow c pictureHPE 1920S 24G 2Sfpb Switch Us
$79.0
HPE 1920S 24G 2Sfpb Switch Us picture


Discussions

No Discussions have been posted on this vulnerability.