CGIForum "thesection" Directory Traversal Vulnerability

Solution:
Excerpted from vendor's advisory (http://www.dcscripts.com/dcforum/dcfNews/124.html)

--------

FIX - In dcboard.cgi and dcadmin.cgi, after

$r_in = \%in;

ADD

$r_in->{'forum'} =~ s/\W//g;
NOTE - That's an uppercase W.

Please apply this patch as soon as possible.

-------------------------
David

--------



 

Privacy Statement
Copyright 2010, SecurityFocus