Discuz! <= 4.0.0 Rc4 Arbitrary File Upload Flaw Network Vulnerability

Summary

The remote host is using Discuz!, a popular web application forum in China. According to its version, the installation of Discuz! on the remote host fails to properly check for multiple extensions in uploaded files. An attacker may be able to exploit this issue to execute arbitrary commands on the remote host subject to the privileges of the web server user id, typically nobody.

Solution

Upgrade to the latest version of this software.

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-2614

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw
snmpXdmid overflow
IIS FrontPage DoS II
SOCKS4A hostname overflow
SimpleServer remote execution

Take action and discover your vulnerabilities