Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DCForum远程可获得管理权限漏洞
Vulnerability Description
DCForum是一种基于WEB的会议系统,设计用于在线讨论。它是用Perl实现的,几乎没有系统相关性,可以运行于Linux、Windows以及绝大多数Unix变体上。 一些版本的DCForum存在漏洞,远程攻击者可以利用这个漏洞获得DCForum的管理权限甚至执行任意命令。 DCForum维护着一个文件包含用户账号信息,包含用户口令的哈希值和其它敏感信息。当建立一个新账号的适合,用户信息会被写入这个文件,一个用户信息一行,每一项记录用管道符('|')隔开。DCForum对用户输入的信息检查不严,攻击者可以
CVSS Information
N/A
Vulnerability Type
N/A