Description
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.
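The flaw class described above, as an added example that is not Dotclear's code: a denylist that inspects only the final extension, next to an allowlist that accepts exactly one known media extension. The function names, the denylist contents, and the allowed-extension list are assumptions made for illustration, and the file names are constructed samples.

```php
<?php
// Added example; not taken from Dotclear. All names and lists are hypothetical.

// Simplified denylist of the kind the description calls incomplete:
// it checks only the last extension and knows only "php".
function is_excluded_denylist(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, ['php'], true);
}

// Allowlist: the name must be exactly "stem.ext" with ext in a fixed media set.
const ALLOWED_MEDIA_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'mp3'];

function is_allowed_upload(string $filename): bool
{
    // Drop any directory part, treating both separators alike.
    $name = basename(str_replace('\\', '/', $filename));

    // Reject empty names, control characters (including NUL),
    // and names that start or end with a dot.
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name)
        || $name[0] === '.' || substr($name, -1) === '.') {
        return false;
    }

    // Exactly one dot: multi-extension names are refused outright, because
    // some web server configurations select a handler from any extension in
    // the name. This deliberately also refuses names like "archive.tar.gz".
    $parts = explode('.', strtolower($name));
    if (count($parts) !== 2) {
        return false;
    }
    return in_array($parts[1], ALLOWED_MEDIA_EXT, true);
}

// Constructed sample names covering the cases named in the description.
$samples = ['photo.jpg', 'notes.php', 'notes.php5', 'notes.phtml',
            'notes.php.jpg', 'notes.PHP', 'archive.tar.gz'];
foreach ($samples as $s) {
    printf("%-16s denylist_blocks=%-5s allowlist_accepts=%s\n", $s,
        var_export(is_excluded_denylist($s), true),
        var_export(is_allowed_upload($s), true));
}
```

An extension check is only one layer: storing uploads outside the web root, or in a directory where the server never invokes the PHP handler, covers the cases a filename filter misses.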
Remediation
References