Описание
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:dcscripts:dcforum:1.0:*:*:*:*:*:*:*
cpe:2.3:a:dcscripts:dcforum:2.0:*:*:*:*:*:*:*
cpe:2.3:a:dcscripts:dcforum:3.0:*:*:*:*:*:*:*
cpe:2.3:a:dcscripts:dcforum:4.0:*:*:*:*:*:*:*
cpe:2.3:a:dcscripts:dcforum:5.0:*:*:*:*:*:*:*
cpe:2.3:a:dcscripts:dcforum:6.0:*:*:*:*:*:*:*
cpe:2.3:a:dcscripts:dcforum_2000:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00765
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
EPSS
Процентиль: 73%
0.00765
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other