upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dcforum | Dcscripts | 2.0 | 2.0 |
Dcforum_2000 | Dcscripts | 1.0 | 1.0 |
Dcforum | Dcscripts | 1.0 | 1.0 |
Dcforum | Dcscripts | 3.0 | 3.0 |
Dcforum | Dcscripts | 5.0 | 5.0 |
Dcforum | Dcscripts | 6.0 | 6.0 |
Dcforum | Dcscripts | 4.0 | 4.0 |