Description
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via an FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
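The weakness described above comes from treating file_exists() and is_dir() as proof that a path is local: since PHP 5 the ftp:// wrapper answers those calls too. The following is an added illustration, not DotClear's code or its fix; the function names, the blog_demo directory and the sample values are hypothetical and constructed for the example.

```php
<?php
// Added illustration; not DotClear's code. All names here are hypothetical.

// Weak pattern: on PHP 5 the ftp:// wrapper implements stat(), so both
// calls can return true for a remote URL as well as for a local directory.
function is_acceptable_base_weak($path)
{
    return file_exists($path) && is_dir($path);
}

// Hardened pattern: local paths only, canonicalised and confined to one root.
function resolve_base_dir($path, $allowedRoot)
{
    // Refuse anything that names a stream wrapper (ftp://, http://, php://, ...)
    // before any filesystem or network call is made on it.
    if (!is_string($path) || preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path)) {
        return false;
    }
    // realpath() does not resolve wrapper URLs, returns false for missing
    // paths, and collapses ../ segments and symlinks.
    $real = realpath($path);
    $root = realpath($allowedRoot);
    if ($real === false || $root === false || !is_dir($real)) {
        return false;
    }
    // Accept only the root itself or a directory beneath it.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $root && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $real;
}

// Constructed sample input: a throwaway directory tree under the temp dir.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'blog_demo';
@mkdir($root . DIRECTORY_SEPARATOR . 'inc', 0700, true);

$samples = array(
    $root . DIRECTORY_SEPARATOR . 'inc',   // local, inside the root: accepted
    $root . '/inc/../..',                  // resolves outside the root: rejected
    'ftp://files.example.invalid/pub',     // wrapper URL: rejected, no connection made
);
foreach ($samples as $p) {
    $r = resolve_base_dir($p, $root);
    echo $p, ' => ', ($r === false ? 'rejected' : $r), PHP_EOL;
}
```

Independently of any path check, the allow_url_include setting (PHP 5.2.0 and later, off by default) stops include and require from opening URL wrappers. A base path used for includes is safest when it is set in configuration and never read from request input.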
Remediation
References