Description
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension.
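The flaw class described above, as an added example that is not Dotclear's code: a deny-list extension check next to an allow-list check on the same upload names. Both lists, the function names and the sample file names are constructed for illustration.

```php
<?php
// Added illustration; not taken from inc/core/class.dc.core.php.
// Both lists are constructed samples, not Dotclear's real configuration.
const DENIED_EXTENSIONS  = ['php', 'php3', 'php4', 'php5'];
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// Return the lower-cased final extension of an uploaded file name.
function normalizedExtension(string $filename): string
{
    // Drop any path component, treating backslashes as separators too.
    $name = basename(str_replace('\\', '/', $filename));
    // Trailing dots and spaces are ignored by some file systems.
    $name = rtrim($name, ". ");
    $dot  = strrpos($name, '.');
    if ($dot === false || $dot === 0) {
        return ''; // no extension, or a dot-file such as ".htaccess"
    }
    return strtolower(substr($name, $dot + 1));
}

// Deny-list: accepts everything that is not explicitly listed.
function blacklistAccepts(string $filename): bool
{
    return !in_array(normalizedExtension($filename), DENIED_EXTENSIONS, true);
}

// Allow-list: accepts only what is explicitly listed.
function allowlistAccepts(string $filename): bool
{
    return in_array(normalizedExtension($filename), ALLOWED_EXTENSIONS, true);
}

// Constructed upload names, including the three extensions from the advisory.
$samples = ['photo.JPG', 'notes.pht', 'notes.phps', 'notes.phtml', 'notes.php.', '.htaccess'];

foreach ($samples as $name) {
    printf(
        "%-12s deny-list=%-6s allow-list=%s\n",
        $name,
        blacklistAccepts($name) ? 'accept' : 'reject',
        allowlistAccepts($name) ? 'accept' : 'reject'
    );
}
```

A deny-list has to anticipate every extension the web server maps to the PHP handler, while the allow-list fails closed on anything it does not recognise.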
Remediation
References