CVE-2014-3782

NONE EPSS 64.6%
Published Jun 11, 201412y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jun 11, 2014 12y ago
Last Modified Jun 17, 2026 2w ago

Description

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.

Threat Intelligence

EPSS Exploit Probability
64.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 4

VendorProductVersionRange
dotcleardotclear* ≤2.6.2
dotcleardotclear2.6any
dotcleardotclear2.6any
dotcleardotclear2.6.1any

References 6

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.