Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0527

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-0527
Last Modified 05 Sep 2008 04:24:19
Published 14 Aug 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0527

Summary

DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.

Vulnerable Systems

Application

  • Dcscripts Dcforum 2000 1.0

  • Dcscripts Dcforum 6.0


References

XF - dcforum-cgi-admin-access(6538)

CONFIRM - http://www.dcscripts.com/dcforum/dcfNews/167.html

BUGTRAQ - 20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)

BID - 2728

OSVDB - 480


Last Updated: 27 May 2016 10:36:18