CVE-2002-0095

BSCW 3.x - Unauthenticated User Registration and File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0095. PoCs published by Thomas Seliger.

AI-analyzed exploit summary This is a writeup describing a vulnerability in BSCW (Basic Support for Cooperative Work) where the default installation allows users to self-register, potentially enabling exploitation of other vulnerabilities such as remote command execution (BugTraq ID 3776). The provided URL is an example endpoint that could be targeted.

Description

The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Thomas Seliger · textremotemultiple
https://www.exploit-db.com/exploits/21197

This is a writeup describing a vulnerability in BSCW (Basic Support for Cooperative Work) where the default installation allows users to self-register, potentially enabling exploitation of other vulnerabilities such as remote command execution (BugTraq ID 3776). The provided URL is an example endpoint that could be targeted.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: BSCW (Basic Support for Cooperative Work)
No auth needed
Prerequisites: Default installation of BSCW with self-registration enabled
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/248000
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3777
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7775.php

Scores

EPSS 0.0279
EPSS Percentile 84.7%

Details

Status published
Products (3)
fraunhofer_fit/bscw 3.4
fraunhofer_fit/bscw 4.0
fraunhofer_fit/bscw 4.0.6
Published Mar 25, 2002
Tracked Since Feb 18, 2026