Summary
This host is running Dotclear and is prone to arbitrary file upload vulnerability.
Impact
Successful exploitation allows remote authenticated users to upload and execute arbitrary PHP code.
Impact Level: Application
Solution
Upgrade to Dotclear version 2.2.3 or later,
For updates refer to http://dotclear.org/download
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'updateFile()' function in inc/core/class.dc.media.php, which allows attackers to execute arbitrary PHP code by uploading a PHP file.
Affected
Dotclear versions prior to 2.2.3
References
Severity
Classification
-
CVE CVE-2011-1584 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Apache Open For Business HTML injection vulnerability
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability