汇总 zeroboard 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 跨站脚本与路径处理缺陷 等问题,部分漏洞可能导致 会话劫持,并影响 生产负载与软件部署 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2006-3070 | write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php. | [email protected] | 5.0 | 1.62% | 2006-06-19 | 2026-06-16 |
| CVE-2006-1222 | Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields. | [email protected] | 4.3 | 1.76% | 2006-03-14 | 2026-06-16 |
| CVE-2005-1820 | zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function. | [email protected] | 7.5 | 2.66% | 2005-06-01 | 2026-06-16 |
| CVE-2005-0380 | Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. | [email protected] | 7.5 | 4.43% | 2005-05-02 | 2026-06-16 |
| CVE-2005-0379 | Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php. | [email protected] | 5.0 | 1.76% | 2005-05-02 | 2026-06-16 |
| CVE-2005-0495 | Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. | [email protected] | 4.3 | 1.16% | 2005-02-19 | 2026-06-16 |
| CVE-2004-2738 | Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | [email protected] | 4.3 | 1.92% | 2004-12-31 | 2026-06-16 |
| CVE-2004-1419 | PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code. | [email protected] | 6.8 | 2.42% | 2004-12-31 | 2026-06-16 |
| CVE-2002-1704 | Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code. | [email protected] | 5.0 | 2.33% | 2002-12-31 | 2026-06-16 |