Description
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via an FTP URL in the blog_dc_path parameter, which passes the file_exists() and is_dir() tests on PHP 5.
Remediation
References