Unrestricted File Upload Vulnerability in Dotclear 2.10.4
CVE-2016-9268

7.2HIGH

Key Information:

Vendor

Dotclear

Status
Dotclear
Vendor
CVE Published:
10 November 2016

What is CVE-2016-9268?

An unrestricted file upload vulnerability exists in the Blog appearance of the Dotclear platform, specifically within the 'Install or upgrade manually' module. This flaw allows authenticated super-administrators to upload arbitrary files, particularly theme files with a zip extension. Once uploaded, these theme files can be accessed through various unspecified vectors, enabling potential execution of arbitrary code on the affected servers.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://dev.dotclear.org/2.0/ticket/2214
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94246
vdb-entryx_refsource_BID
http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa810335...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.