CVE-2001-0436 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2001-0436

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.

Affected Software

Name	Vendor	Start Version	End Version
Dcforum	Dcscripts	1.0 (including)	1.0 (including)
Dcforum	Dcscripts	2.0 (including)	2.0 (including)
Dcforum	Dcscripts	3.0 (including)	3.0 (including)
Dcforum	Dcscripts	4.0 (including)	4.0 (including)
Dcforum	Dcscripts	5.0 (including)	5.0 (including)
Dcforum	Dcscripts	6.0 (including)	6.0 (including)
Dcforum_2000	Dcscripts	1.0 (including)	1.0 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
http://www.dcscripts.com/FAQ/sec_2001_03_31.html
http://www.osvdb.org/3862
http://www.securityfocus.com/bid/2611
https://exchange.xforce.ibmcloud.com/vulnerabilities/6392