CVE-2001-0527

DCScripts DCForum <=2000 - Privilege Escalation

Title source: llm

Description

DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Franklin DeMatto · perlremotecgi

https://www.exploit-db.com/exploits/20849

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/480

[Exploit, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6538

[Patch] http://www.dcscripts.com/dcforum/dcfNews/167.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/2728

Scores

EPSS 0.0699

EPSS Percentile 91.5%

Details

Status published

Products (2)

dcscripts/dcforum 6.0

dcscripts/dcforum_2000 1.0

Published Aug 14, 2001

Tracked Since Feb 18, 2026