Description
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
Remediation
References
Related Vulnerabilities
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4281)
WordPress Plugin Newsletter-Send awesome emails from WordPress Unspecified Vulnerability (4.1.1)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8623)
Moodle Cleartext Transmission of Sensitive Information Vulnerability (CVE-2024-43432)
WordPress Plugin Website FAQ 'website-faq-widget.php' SQL Injection (1.0)