CVE-2014-3782

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dotclear:dotclear:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:dotclear:dotclear:2.6:rc:*:*:*:*:*:*
cpe:2.3:a:dotclear:dotclear:2.6:-:*:*:*:*:*:*
cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*

Information

Published : 2014-06-11 07:55

Updated : 2014-06-12 09:04


NVD link : CVE-2014-3782

Mitre link : CVE-2014-3782


JSON object : View

Advertisement

dedicated server usa

Products Affected

dotclear

  • dotclear