Description

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.

Remediation

References

CVE-2006-2866

Related Vulnerabilities

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.33)

Microsoft SQL Server Other Vulnerability (CVE-2001-0542)

WordPress Improper Input Validation Vulnerability (CVE-2013-4339)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Arbitrary File Upload (1.28.1)

Severity

Medium

Classification

CVE-2006-2866

Tags

Missing Update Known Vulnerabilities