Title: DCForum dcboard.cgi az Hidden Field Remote Execution
Mar 31, 2003
Apr 16, 2001
DCForum contains a flaw that allows a remote attacker to execute commands remotely. The issue is due to the dcboard.cgi file not properly sanitizing the "az=" hidden field. If an attacker changes this field to include an arbitrary file with perl commands, they will be executed by the vulnerable server during script processing.
Remote / Network Access
Loss of Integrity
Currently, there are no known workarounds or upgrades to correct this issue.
However, DCScripts.com has released a patch to address this vulnerability.