Description
Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.
Remediation
References