Description

Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.

Remediation

References

CVE-2008-3232

Related Vulnerabilities

WordPress 4.5.x Cross-Site Scripting Vulnerability (4.5 - 4.5.1)

Apache Tomcat Incorrect Default Permissions Vulnerability (CVE-2020-8022)

Oracle HTTP Server Improper Certificate Validation Vulnerability (CVE-2020-26184)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-2644)

Elgg URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11016)

Severity

Critical

Classification

CVE-2008-3232 CWE-94

Tags

Missing Update Known Vulnerabilities