CVE-2000-1132

DCForum - Unauthenticated Arbitrary File Read and Program Deletion via Malformed Forum Variable

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1132. PoCs published by steeLe.

AI-analyzed exploit summary This exploit targets a file disclosure vulnerability in DCForum CGI scripts (versions 1.0-6.0) by manipulating the 'file' parameter to read arbitrary files accessible by the web server user. It uses Lynx to fetch the content of specified files via a crafted URL.

Description

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.

Exploits (1)

exploitdb WORKING POC VERIFIED
by steeLe · perlremotecgi
https://www.exploit-db.com/exploits/20405

This exploit targets a file disclosure vulnerability in DCForum CGI scripts (versions 1.0-6.0) by manipulating the 'file' parameter to read arbitrary files accessible by the web server user. It uses Lynx to fetch the content of specified files via a crafted URL.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: DCForum 1.0 - 6.0
No auth needed
Prerequisites: Lynx installed on the attacker's system · Target DCForum CGI script accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources x_refsource_confirm
http://www.dcscripts.com/dcforum/dcfNews/124.html#1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5533
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1951
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/1646

Scores

EPSS 0.0928
EPSS Percentile 94.7%

Details

Status published
Products (6)
dcscripts/dcforum 1.0
dcscripts/dcforum 2.0
dcscripts/dcforum 3.0
dcscripts/dcforum 4.0
dcscripts/dcforum 5.0
dcscripts/dcforum 6.0
Published Jan 09, 2001
Tracked Since Feb 18, 2026