Description

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.

Remediation

References

CVE-2014-3782

Related Vulnerabilities

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4209)

WordPress Plugin Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.7.6)

MySQL CVE-2017-3647 Vulnerability (CVE-2017-3647)

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-0205)

Liferay Portal Improper Authentication Vulnerability (CVE-2021-29047)

Severity

Medium

Classification

CVE-2014-3782

Tags

Missing Update Known Vulnerabilities