PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and previous versions allows remote malicious users to execute arbitrary PHP code via an FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
Vulnerable Product |
---|
dotclear dotclear 1.2.1 |
dotclear dotclear 1.2.2 |
dotclear dotclear 1.2.3 |
dotclear dotclear 1.2.4 |