The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear prior to 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dotclear dotclear 2.0 |
||
dotclear dotclear 2.1.7 |
||
dotclear dotclear 2.1.6 |
||
dotclear dotclear 2.1.5 |
||
dotclear dotclear 2.1 |
||
dotclear dotclear 1.2.2 |
||
dotclear dotclear |
||
dotclear dotclear 2.2 |
||
dotclear dotclear 1.2.8 |
||
dotclear dotclear 1.2.7 |
||
dotclear dotclear 2.0.1 |
||
dotclear dotclear 2.0.2 |
||
dotclear dotclear 1.2.6 |
||
dotclear dotclear 1.2.3 |
||
dotclear dotclear 1.2.4 |
||
dotclear dotclear 2.1.4 |
||
dotclear dotclear 2.1.1 |
||
dotclear dotclear 1.2.1 |
||
dotclear dotclear 1.2.5 |
||
dotclear dotclear 2.1.3 |
||
dotclear dotclear 2.2.1 |