Description

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.

Remediation

References

CVE-2006-2866

Related Vulnerabilities

WordPress Plugin MiwoEvents-Manage & Book Events Unspecified Vulnerability (1.2.0)

WordPress Plugin WooCommerce Address Book Cross-Site Request Forgery (1.5.6)

WordPress 4.6.x Cross-Site Request Forgery (4.6 - 4.6.13)

e107 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2020)

Drupal Core 7.x Multiple Security Bypass Vulnerabilities (7.0 - 7.25)

Severity

Medium

Classification

CVE-2006-2866

Tags

Missing Update Known Vulnerabilities