Description
Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.
Remediation
References