CVE-2001-0527
published 2001-08-14CVE-2001-0527: DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name…
PriorityP338critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
4.54%
90.4th percentile
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dcscripts | dcforum | — | — |
| dcscripts | dcforum_2000 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
CWE
Improper Neutralization of Delimiters
mitre_cwe
CWE-140 Improper Neutralization of Delimiters
CWE-140: Improper Neutralization of Delimiters
The product does not neutralize or incorrectly neutralizes delimiters.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
[Implementation] Developers should anticipate that delimiters will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
[Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it int
CWE
Improper Neutralization of Record Delimiters
mitre_cwe
CWE-143 Improper Neutralization of Record Delimiters
CWE-143: Improper Neutralization of Record Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as record delimiters when they are sent to a downstream component.
As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
Developers should anticipate that record delimiters will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
[Implementati
http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.htmlhttp://www.dcscripts.com/dcforum/dcfNews/167.htmlhttp://www.osvdb.org/480http://www.securityfocus.com/bid/2728https://exchange.xforce.ibmcloud.com/vulnerabilities/6538http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.htmlhttp://www.dcscripts.com/dcforum/dcfNews/167.htmlhttp://www.osvdb.org/480http://www.securityfocus.com/bid/2728https://exchange.xforce.ibmcloud.com/vulnerabilities/6538
2001-08-14
Published