Crosscom Olicom » Discuz » 3.0 : Security Vulnerabilities, CVEs,
Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.
Max CVSS
7.5
EPSS Score
14.91%
Published
2005-08-17
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.
Max CVSS
6.8
EPSS Score
1.16%
Published
2004-11-23
Updated
2017-07-11
2 vulnerabilities found