CVE-2001-0436 | Vulnerability Database | Aqua Security

dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.

Affected Software

Name	Vendor	Start Version	End Version
Dcforum	Dcscripts	1.0 (including)	1.0 (including)
Dcforum	Dcscripts	2.0 (including)	2.0 (including)
Dcforum	Dcscripts	3.0 (including)	3.0 (including)
Dcforum	Dcscripts	4.0 (including)	4.0 (including)
Dcforum	Dcscripts	5.0 (including)	5.0 (including)
Dcforum	Dcscripts	6.0 (including)	6.0 (including)
Dcforum_2000	Dcscripts	1.0 (including)	1.0 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
http://www.dcscripts.com/FAQ/sec_2001_03_31.html
http://www.osvdb.org/3862
http://www.securityfocus.com/bid/2611
https://exchange.xforce.ibmcloud.com/vulnerabilities/6392
http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
http://www.dcscripts.com/FAQ/sec_2001_03_31.html
http://www.osvdb.org/3862
http://www.securityfocus.com/bid/2611
https://exchange.xforce.ibmcloud.com/vulnerabilities/6392

NVD	https://nvd.nist.gov/vuln/detail/CVE-2001-0436
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html