PT-2001-1733 · Dcscripts · Dcforum

Published

2001-08-14

Updated

2017-10-10

CVE-2001-0527

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: DCScripts DCForum versions 2000 and earlier

Description: The issue allows a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form. This action creates an extra entry in the registration database.

Recommendations: For DCScripts DCForum versions 2000 and earlier, as a temporary workaround, consider restricting access to the registration form until a patch is available. Avoid using the last name field in the registration form with unvalidated input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0527

Affected Products

Dcforum

PT-2001-1733 · Dcscripts · Dcforum

CVE-2001-0527

Related Identifiers

Affected Products

References · 7