CVE-2015-8832

Name of the Vulnerable Software and Affected Versions Dotclear versions prior to 2.8.2

Description The issue allows remote authenticated users with specific permissions to execute arbitrary PHP code by uploading files with certain extensions, including .pht, .phps, and .phtml. This is due to multiple incomplete blacklist vulnerabilities in the inc/core/class.dc.core.php file.

Recommendations For versions prior to 2.8.2, update to version 2.8.2 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only trusted users or disabling the ability to upload files with executable extensions until the update is applied.