Description
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.
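The incomplete-blacklist pattern described above, set beside an allowlist check, as an added PHP example. This is not Dotclear's code: the function names, the denylist contents and the allowed-extension list are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not Dotclear's filemanager code. All names are hypothetical.

// Denylist check of the kind the description calls incomplete:
// it looks only at the last extension and only knows one spelling.
function is_excluded_denylist(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, ['php'], true);
}

// Allowlist check: the name must have exactly one extension,
// and that extension must be an expected media type.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf']; // constructed sample list

function is_upload_allowed(string $filename): bool
{
    // Drop any client-supplied directory part, whichever separator was used.
    $base = basename(str_replace('\\', '/', $filename));

    // Reject empty names, dotfiles and names carrying control characters.
    if ($base === '' || $base[0] === '.' || preg_match('/[\x00-\x1f]/', $base)) {
        return false;
    }

    // "name.ext" only: a double extension or a trailing dot yields more than two parts.
    $parts = explode('.', $base);
    if (count($parts) !== 2 || $parts[0] === '') {
        return false;
    }

    return in_array(strtolower($parts[1]), ALLOWED_EXTENSIONS, true);
}

// Constructed sample names covering the cases listed in the description.
$samples = ['photo.jpg', 'page.php', 'page.PHP', 'page.php5', 'page.phtml', 'page.php.jpg'];

foreach ($samples as $name) {
    printf(
        "%-14s denylist blocks: %-3s  allowlist accepts: %s\n",
        $name,
        is_excluded_denylist($name) ? 'yes' : 'no',
        is_upload_allowed($name) ? 'yes' : 'no'
    );
}
```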
Remediation
References