CVE-2011-1584

Severity

65%

Complexity

80%

Confidentiality

106%

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

DotClear

First reported 13 years ago

2011-06-08 10:36:00

Last updated 12 years ago

2012-04-27 04:00:00

Affected Software

DotClear 1.2.1

1.2.1

DotClear 1.2.2

1.2.2

DotClear 1.2.3

1.2.3

DotClear 1.2.4

1.2.4

DotClear 1.2.5

1.2.5

DotClear 1.2.6

1.2.6

DotClear 1.2.7

1.2.7

DotClear 1.2.8

1.2.8

DotClear 2.0

2.0

DotClear 2.0 beta 2

2.0

DotClear 2.0 beta 3

2.0

DotClear 2.0 beta 4

2.0

DotClear 2.0 beta 5.2

2.0

DotClear 2.0 beta 5.4

2.0

DotClear 2.0 beta 6

2.0

DotClear 2.0 beta 7

2.0

DotClear 2.0 release candidate 1

2.0

DotClear 2.0 release candidate 2

2.0

DotClear 2.0.1

2.0.1

DotClear 2.0.2

2.0.2

DotClear 2.1

2.1

DotClear 2.1.1

2.1.1

DotClear 2.1.3

2.1.3

DotClear 2.1.4

2.1.4

DotClear 2.1.5

2.1.5

DotClear 2.1.6

2.1.6

DotClear 2.1.7

2.1.7

DotClear 2.2

2.2

DotClear 2.2.1

2.2.1

References

http://dev.dotclear.org/2.0/changeset/2:3427

Exploit, Patch

http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3

Patch, Vendor Advisory

http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3

Vendor Advisory

[oss-security] 20110413 CVE request: dotclear before 2.2.3

[oss-security] 20110414 Re: CVE request: dotclear before 2.2.3

[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3

[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3

44049

Vendor Advisory

http://www.arcabit.com/english/home/a-flaw-in-dotclear

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.