Description

Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.

Remediation

References

CVE-2008-3232

Related Vulnerabilities

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.4.4)

WordPress 3.8.x Denial of Service Vulnerability (3.8 - 3.8.25)

Internet Information Services Other Vulnerability (CVE-2002-1745)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3597)

WordPress Plugin Total Sales For Woocommerce Cross-Site Scripting (1.1)

Severity

Critical

Classification

CVE-2008-3232 CWE-94

Tags

Missing Update Known Vulnerabilities