CVE-2011-5083

Name of the Vulnerable Software and Affected Versions Dotclear versions 2.3.1 through 2.4.2

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory. This is due to an unrestricted file upload vulnerability in the inc/swf/swfupload.swf component.

Recommendations For versions 2.3.1 and 2.4.2, consider restricting or disabling the file upload functionality in the inc/swf/swfupload.swf component until a fix is available. Additionally, restrict access to directories where uploaded files are stored to minimize the risk of exploitation.