PT-2008-4648 · Dotclear · Dotclear

Publicado

2008-07-18

Atualizado

2018-10-11

CVE-2008-3232

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Dotclear versions 1.2.7.1 and earlier

Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to ecrire/images.php, and then accessing it via a direct request to the file in images.

Recommendations: For Dotclear versions 1.2.7.1 and earlier, consider restricting access to the ecrire/images.php file to prevent unauthorized file uploads until a fix is available. As a temporary workaround, restrict the ability to upload files with executable extensions to minimize the risk of exploitation.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2008-3232

Produtos afetados

Dotclear

PT-2008-4648 · Dotclear · Dotclear

CVE-2008-3232

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11