Unrestricted File Upload Vulnerability in Dotclear's Media Manager
CVE-2014-3782
Currently unrated
What is CVE-2014-3782?
In the Media Manager of Dotclear prior to version 2.6.3, multiple incomplete blacklist vulnerabilities exist within the filemanager::isFileExclude method. These flaws permit remote authenticated users to upload malicious files with deceptive extensions, such as double extensions or unexpected PHP file types like .php5 or .phtml, leading to arbitrary execution of PHP code. An authenticated attacker can thereby run code on the server that their account was never authorized to run.
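The gap between an extension blacklist and an allowlist, as an added example that is not Dotclear's code: EXCLUDE_PATTERN, ALLOWED_EXTENSIONS and both function names are hypothetical, and the file names are constructed samples.

```php
<?php
// Hypothetical blacklist for illustration (not Dotclear's actual pattern):
// a name is refused only when it ends in exactly ".php".
const EXCLUDE_PATTERN = '/\.php$/i';

function isExcludedByBlacklist(string $name): bool
{
    return preg_match(EXCLUDE_PATTERN, $name) === 1;
}

// Assumed upload policy: every dot-separated segment after the base name
// must be on this list, so double extensions cannot hide a script type.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

function isAllowedUpload(string $name): bool
{
    // Refuse control bytes (including NUL) before any path handling.
    if (preg_match('/[\x00-\x1f]/', $name) === 1) {
        return false;
    }
    $name = basename(str_replace('\\', '/', $name));
    // Refuse empty names and dotfiles such as ".htaccess".
    if ($name === '' || $name[0] === '.') {
        return false;
    }
    $segments = explode('.', strtolower($name));
    array_shift($segments);            // drop the base name
    if ($segments === []) {
        return false;                  // no extension at all
    }
    foreach ($segments as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names covering the cases the advisory lists.
$samples = ['photo.jpg', 'notes.php', 'notes.php5', 'notes.phtml',
            'notes.php.jpg', '.htaccess'];
foreach ($samples as $s) {
    printf("%-14s blacklist=%-6s allowlist=%s\n", $s,
        isExcludedByBlacklist($s) ? 'reject' : 'accept',
        isAllowedUpload($s) ? 'accept' : 'reject');
}
```

The blacklist refuses only notes.php, while the allowlist accepts only photo.jpg. The allowlist is deliberately strict: a legitimate name with an extra dot segment is refused as well unless that segment is also listed.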

