PT-2001-1651 · Dcforum · Dcforum 2000

Published: 2001-05-24 · Updated: 2017-12-19 · CVE-2001-0436

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

DCForum 2000 version 1.0

Description

The issue allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.

Recommendations

For DCForum 2000 version 1.0, consider restricting access to the dcboard.cgi script until a patch is available, and avoid using the AZ parameter with .. (dot dot) notation to prevent exploitation.
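
A log check for the pattern the description names, as an added example that is not part of the original advisory or of DCForum's code: it flags requests to dcboard.cgi whose AZ parameter contains .. after repeated percent-decoding. The access-log format, URL paths and sample lines are constructed assumptions, and parameters sent in a POST body do not appear in such logs.

```python
import re
from urllib.parse import urlsplit, unquote

# Script and parameter named in the advisory. The parameter name is compared
# case-insensitively (an assumption; the page writes it only as "AZ").
SCRIPT = "dcboard.cgi"
PARAM = "az"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in common log format (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2001:10:00:01 +0000] "GET /cgi-bin/dcforum/dcboard.cgi?az=constructed_value HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jun/2001:10:02:13 +0000] "GET /cgi-bin/dcforum/dcboard.cgi?AZ=../example/placeholder HTTP/1.0" 200 312',
    '192.0.2.44 - - [01/Jun/2001:10:02:20 +0000] "GET /cgi-bin/dcforum/dcboard.cgi?forum=x&az=%252e%252e%2fplaceholder HTTP/1.0" 200 298',
    '192.0.2.77 - - [01/Jun/2001:10:05:00 +0000] "GET /docs/a..b.html?az=x HTTP/1.0" 404 0',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dots (%252e) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line):
    """Return the decoded AZ value if the line is a dcboard.cgi request whose
    AZ parameter contains '..' anywhere, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/" + SCRIPT):
        return None
    # Older CGI parsers accept ';' as well as '&' between pairs.
    for pair in re.split(r"[&;]", url.query):
        name, _, raw = pair.partition("=")
        if fully_decode(name).lower() == PARAM and ".." in fully_decode(raw):
            return fully_decode(raw)
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = ((n, flag_line(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: AZ contains dot-dot: {value!r}")
```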

Related Identifiers

CVE-2001-0436

Affected Products

Dcforum 2000