CVE-2005-1820

Zeroboard 4.1pl2-4.1pl5 - Remote Code Execution via preg_replace Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1820. PoCs published by n0gada.

AI-analyzed exploit summary This exploit targets a preg_replace vulnerability in Zeroboard 4.1 pl2 to pl5, allowing remote command execution by uploading a malicious PHP script via crafted form data. The exploit automates the process of writing a post, exploiting the vulnerability, confirming the backdoor, and cleaning up.

Description

zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function.

Exploits (1)

exploitdb WORKING POC VERIFIED
by n0gada · cwebappsphp
https://www.exploit-db.com/exploits/1020

This exploit targets a preg_replace vulnerability in Zeroboard 4.1 pl2 to pl5, allowing remote command execution by uploading a malicious PHP script via crafted form data. The exploit automates the process of writing a post, exploiting the vulnerability, confirming the backdoor, and cleaning up.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zeroboard 4.1 pl2 - 4.1 pl5
No auth needed
Prerequisites: Target running vulnerable Zeroboard version · Network access to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13823

Scores

EPSS 0.0266
EPSS Percentile 83.7%

Details

Status published
Products (4)
zeroboard/zeroboard 4.1_pl2
zeroboard/zeroboard 4.1_pl3
zeroboard/zeroboard 4.1_pl4
zeroboard/zeroboard 4.1_pl5
Published Jun 01, 2005
Tracked Since Feb 18, 2026