Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1584

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2011-1584
Last Modified 27 Apr 2012 12:00:00
Published 08 Jun 2011 06:36:13
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1584

Summary

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Dotclear 1.2.1

  • Dotclear 1.2.2

  • Dotclear 1.2.3

  • Dotclear 1.2.4

  • Dotclear 1.2.5

  • Dotclear 1.2.6

  • Dotclear 1.2.7

  • Dotclear 1.2.8

  • Dotclear 2.0

  • Dotclear 2.0.1

  • Dotclear 2.0.2

  • Dotclear 2.1

  • Dotclear 2.1.1

  • Dotclear 2.1.3

  • Dotclear 2.1.4

  • Dotclear 2.1.5

  • Dotclear 2.1.6

  • Dotclear 2.1.7

  • Dotclear 2.2

  • Dotclear 2.2.1

  • Dotclear 2.2.2


References

CONFIRM - http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3

MISC - http://dev.dotclear.org/2.0/changeset/2:3427

MISC - http://www.arcabit.com/english/home/a-flaw-in-dotclear

SECUNIA - 44049

MLIST - [oss-security] 20110415 Re: CVE request: dotclear before 2.2.3

MLIST - [oss-security] 20110414 Re: CVE request: dotclear before 2.2.3

MLIST - [oss-security] 20110413 CVE request: dotclear before 2.2.3

CONFIRM - http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3


Last Updated: 27 May 2016 10:56:22