Intrusion Prevention

DCForum.Arbitrary.File.Disclosure

Description

This indicates a file disclosure vulnerability in the DCForum cgforum.cgi program.

DCForum is web forum software provided by DC Business Solutions. Due to insufficient validation of user input, an attacker can read arbitrary files on the victim system by sending it a specially crafted message.

Affected Products

Any unprotected system running DCForum 1.0 to 6.0 is vulnerable to the attack.

Impact

Attackers can read arbitrary files on the victim system or cause a denial of service.

Recommended Actions

Apply the appropriate patches or upgrade the system to the latest non-vulnerable version.

CVE References

CVE-2000-1132