CVE-2011-1584

Name of the Vulnerable Software and Affected Versions Dotclear versions prior to 2.2.3

Description The issue concerns the updateFile function in the Media Manager, which does not properly restrict pathnames. This allows remote authenticated users to upload and execute arbitrary PHP code via the media path or media file parameter.

Recommendations For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the updateFile function in the Media Manager to minimize the risk of exploitation. Avoid using the media path or media file parameter in the affected function until the issue is resolved.