Description
The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin Survey Maker-Best WordPress Survey Cross-Site Scripting (2.0.6)
Oracle Database Server CVE-2009-3414 Vulnerability (CVE-2009-3414)
Squid Improper Input Validation Vulnerability (CVE-2016-2572)
ownCloud Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-31649)
WordPress Plugin LeagueManager Multiple SQL Injection Vulnerabilities (3.9.1.1)