PT-2006-3784 · Dotclear · Dotclear

Rgod

Published

2006-06-06

Updated

2018-10-18

CVE-2006-2866

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DotClear versions 1.2.4 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog dc path parameter. This parameter can pass file exists() and is dir() tests on PHP 5, enabling the execution of malicious code.

Recommendations For DotClear versions 1.2.4 and earlier, consider restricting access to the layout/prepend.php file until a patch is available. As a temporary workaround, avoid using FTP URLs in the blog dc path parameter to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2866

Affected Products

Dotclear

PT-2006-3784 · Dotclear · Dotclear

CVE-2006-2866

Related Identifiers

Affected Products

References · 10