Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear prior to 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dotclear dotclear |