|
Description
|
|
Multiple vulnerabilities have been identified in deV!Lz Clanportal (DZCP), which could be exploited by remote attackers to execute arbitrary commands.
The first issue is due to an input validation error in the "upload/index.php" script that does not validate uploaded images before being stored in the "inc/images/uploads/userpics" folder, which could be exploited by remote attackers to upload malicious images containing PHP code and execute arbitrary commands with the privileges of the web server.
The second vulnerability is due to an input validation error in the "sites/index.php" script when processing the "show" parameter, which may be exploited by malicious users to conduct SQL injection attacks.
|
