STG Security Advisory: Discuz! does not properly check the extensions of uploaded files, so an attacker can upload a file with multiple extensions, such as attach.php.php.php.php.rar, to the web server. This can be exploited to run arbitrary commands with the privileges of the HTTPD process, which typically runs as the nobody user. Versions 4.0.0 rc4 and prior are affected.
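The following is an added example, not code from Discuz! or from the advisory: it contrasts a check that looks only at the last extension with one that inspects every extension in the name, using the advisory's sample file name. The allow-list, the list of script extensions, and all function names are assumptions made for illustration; the advisory does not show how Discuz! performs its check.

```php
<?php
// Added example, not Discuz! code. Both lists and all function names are assumptions.
const ALLOWED_FINAL_EXT = ['rar', 'zip', 'jpg', 'png', 'gif', 'txt'];
const EXECUTABLE_EXT = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'pl', 'py', 'cgi', 'asp', 'jsp', 'sh'];

// Weak check: only the last extension is compared with the allow-list.
function last_extension_allowed(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_FINAL_EXT, true);
}

// Stricter check: every dot-separated segment after the base name is inspected.
function upload_name_allowed(string $name): bool
{
    if (strpos($name, "\0") !== false) {
        return false;                                   // embedded NUL byte
    }
    $name = basename(str_replace('\\', '/', $name));    // drop any client-supplied path
    $segments = explode('.', strtolower($name));
    $base = array_shift($segments);
    if ($base === '' || $segments === []) {
        return false;                                   // dotfile or no extension at all
    }
    if (!in_array(end($segments), ALLOWED_FINAL_EXT, true)) {
        return false;
    }
    foreach ($segments as $seg) {
        if ($seg === '' || in_array($seg, EXECUTABLE_EXT, true)) {
            return false;                               // e.g. "php" anywhere in the chain
        }
    }
    return true;
}

// Name used on disk: generated server-side, keeping only the vetted final extension.
function storage_name(string $name): string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names; the first is the one quoted in the advisory.
$samples = ['attach.php.php.php.php.rar', 'photo.jpg', 'notes.tar.txt', 'shell.PHP', '.htaccess'];
foreach ($samples as $s) {
    $ok = upload_name_allowed($s);
    printf("%-28s last-ext-only=%-3s all-segments=%-3s stored-as=%s\n", $s,
        last_extension_allowed($s) ? 'yes' : 'no', $ok ? 'yes' : 'no', $ok ? storage_name($s) : '-');
}
```

Storing uploads under a generated name in a directory where the web server does not execute scripts limits the impact even if a name check is bypassed.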