Description

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.

Remediation

References

CVE-2006-2866

Related Vulnerabilities

WordPress Plugin WP-DownloadManager Cross-Site Request Forgery (1.60)

Internet Information Services Other Vulnerability (CVE-2002-0364)

IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2023-38370)

Oracle Database Server CVE-2007-2116 Vulnerability (CVE-2007-2116)

WordPress Plugin Connections Business Directory Unspecified Vulnerability (0.7.1.5)

Severity

Medium

Classification

CVE-2006-2866

Tags

Missing Update Known Vulnerabilities