Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.
AV:N/AC:L/Au:N/C:P/I:P/A:P
17/08/2005
by Crosscom Olicom
19 years ago