PT-2025-52523 · Dotclear · Dotclear

Mirabbas Ağalarov · Published 2025-12-19 · Updated 2025-12-22 · CVE-2023-53952

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dotclear version 2.25.3

Description

Dotclear version 2.25.3 contains a remote code execution issue. Authenticated attackers can upload malicious PHP files with a .phar extension through the blog post creation interface. Uploading files containing PHP system commands allows execution of arbitrary code on the server when the uploaded file is accessed. The issue involves the ability to upload files via the blog post creation interface.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-53952

Affected Products

Dotclear