Dotclear
CVE-2016-9268
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.
AnalysisAI
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors. Affected products include: Dotclear. Version information: through 2.10.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authen
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd coo
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to injec
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass a
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authentica
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary
Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear
XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order paramete
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. Rated medium severity
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remo
Share
External POC / Exploit Code
Leaving vuln.today