Description
Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP e-Commerce-Clockwork SMS Cross-Site Scripting (2.0.5)
WordPress Plugin WP-Recall-Registration, Profile, Commerce & More Security Bypass (16.26.6)
MySQL CVE-2022-21633 Vulnerability (CVE-2022-21633)
WordPress Plugin ForumConverter SQL Injection (1.11)
JBoss Application Server Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-3609)