Lucene search

[email protected]CVE-2001-0527

HistoryAug 14, 2001 - 4:00 a.m.

CVE-2001-0527

2001-08-1404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-0527

dcscripts dcforum

security vulnerability

remote attack

privileges.

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.036 Low

EPSS

Percentile

91.5%

JSON

DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.

CPENameOperatorVersion
dcscripts:dcforum_2000dcscripts dcforum 2000eq1.0
dcscripts:dcforumdcscripts dcforumeq6.0

CPE	Name	Operator	Version
dcscripts:dcforum_2000	dcscripts dcforum 2000	eq	1.0
dcscripts:dcforum	dcscripts dcforum	eq	6.0

References

archives.neohapsis.com/archives/bugtraq/2001-05/0122.html

www.dcscripts.com/dcforum/dcfNews/167.html

www.osvdb.org/480

www.securityfocus.com/bid/2728

exchange.xforce.ibmcloud.com/vulnerabilities/6538

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.036 Low

EPSS

Percentile

91.5%

JSON