2001-05-24 04:00:00
mitre
PUBLISHED
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.