Description
The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-0432 Vulnerability (CVE-2013-0432)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2199)
Oracle JRE CVE-2013-2452 Vulnerability (CVE-2013-2452)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7871)
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6434)