Discuz! <= 4.0.0 Rc4 Arbitrary File Upload Flaw Network Vulnerability

Summary

The remote host is using Discuz!, a popular web application forum in China. According to its version, the installation of Discuz! on the remote host fails to properly check for multiple extensions in uploaded files. An attacker may be able to exploit this issue to execute arbitrary commands on the remote host subject to the privileges of the web server user id, typically nobody.

Solution

Upgrade to the latest version of this software.

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-2614
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Header overflow against HTTP proxy
TFTPD overflow
NNTP password overflow
F5 BIG-IP remote root authentication bypass Vulnerability
OpenSSH UseLogin Environment Variables

Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw

Take action and discover your vulnerabilities