CVE-2014-3782

Name of the Vulnerable Software and Affected Versions Dotclear versions prior to 2.6.3

Description The issue is related to incomplete blacklist vulnerabilities in the filemanager::isFileExclude method within the Media Manager. This allows remote authenticated users to execute arbitrary PHP code by uploading files with specific extensions, such as double extensions or certain PHP file extensions like .php5 or .phtml.

Recommendations For versions prior to 2.6.3, update to version 2.6.3 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary and validated extensions to minimize the risk of exploitation.