dotclear 2.8.1: Code Execution
Date: 2015-11-13 11:37:41
Affected Product: dotclear 2.8.1
Fixed Version Link: http://download.dotclear.org/latest.zip
Vulnerability Type: Code Execution
Reported to vendor: 10/02/2015
Disclosed to public: 11/13/2015
Release mode: Coordinated release
Credits: Tim Coen of Curesec GmbH
High 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C
While upload of files with extension php, php4, and php5 is forbidden, upload of files with the extension pht, phps, and phtml is allowed, which will lead to code execution with most default Apache configurations.
The upload form is located here:
A user with the right "manage their own media items" and "manage their own entries and comments" is needed to exploit this issue.
To mitigate this issue please upgrade at least to version 2.8.2:
Please note that a newer version might already be available.
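The following is an added example, not code from dotclear or from the advisory: it models the extension denylist described above next to an allowlist check, and includes a helper for auditing file names already stored in a media directory. The function names, the allowlist contents and the sample file names are assumptions made for illustration.

```python
import os
import secrets

# Model of the check the advisory describes: only these extensions are refused.
DENYLIST = {"php", "php4", "php5"}
# Extensions the advisory names as accepted by upload yet executed by Apache.
BYPASS = {"pht", "phps", "phtml"}
# Assumption: the media library only needs these types (constructed allowlist).
ALLOWLIST = {"jpg", "jpeg", "png", "gif", "pdf"}

def extensions(filename):
    """Every dot-separated extension of the base name, lower-cased."""
    base = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return [part.lower() for part in base.split(".")[1:]]

def denylist_accepts(filename):
    """Weak form: refuse only when the final extension is on the denylist."""
    exts = extensions(filename)
    return not exts or exts[-1] not in DENYLIST

def allowlist_accepts(filename):
    """Hardened form: the final extension must be explicitly permitted."""
    exts = extensions(filename)
    return bool(exts) and exts[-1] in ALLOWLIST

def stored_name(filename):
    """Server-chosen name on disk: random stem plus the validated extension."""
    if not allowlist_accepts(filename):
        raise ValueError("extension not permitted: %r" % filename)
    return secrets.token_hex(16) + "." + extensions(filename)[-1]

def audit(filenames):
    """Names already in a media directory that carry a PHP-handled extension."""
    risky = DENYLIST | BYPASS
    return [f for f in filenames if risky & set(extensions(f))]

# Constructed sample of uploaded file names (not taken from a real site).
SAMPLE = ["holiday.jpg", "notes.pht", "view.phps", "page.phtml",
          "index.php", "IMG.PHTML", "report.pdf"]

if __name__ == "__main__":
    for name in SAMPLE:
        print("%-12s denylist=%-5s allowlist=%s"
              % (name, denylist_accepts(name), allowlist_accepts(name)))
    print("audit:", audit(SAMPLE))
```

Running `audit` over a listing of the existing media directory after upgrading shows whether any such files were stored while the denylist was in place.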
5. Report Timeline
10/25/2015: Vendor releases fix
11/13/2015: Disclosed to public