Description
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
Products
- DCScripts DCForum 1.0
- DCScripts DCForum 2.0
- DCscripts DCForum 3.0
- DCscripts DCForum 4.0
- DCscripts DCForum 5.0
- DCscripts DCForum 6.0
- DCscripts DCForum 2000 1.0
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-0436, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-0436 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References