Description

Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory.

Remediation

References

CVE-2011-5083

Related Vulnerabilities

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Unspecified Vulnerability (1.14.9)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.11)

WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)

Jetty Improper Input Validation Vulnerability (CVE-2022-2047)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9025)

Severity

High

Classification

CVE-2011-5083 CWE-264

Tags

Missing Update Known Vulnerabilities