CVE-2016-9268

NONE EPSS 91.2%
Published Nov 10, 2016 (9y ago) · Modified Jun 17, 2026 (2w ago)

Description

Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with a zip extension, and then accessing it via unspecified vectors.

Threat Intelligence

EPSS Exploit Probability
91.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-434: Unrestricted Upload of File with Dangerous Type (Resource Mgmt)

Affected Products 1

Vendor    Product   Version  Range
dotclear  dotclear  *        ≤2.10.4

References 3

  • dev.dotclear.org http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2
    Issue Tracking, Patch
  • dev.dotclear.org http://dev.dotclear.org/2.0/ticket/2214
    Mitigation, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/94246
    Third Party Advisory, VDB Entry

Remediation

  • dev.dotclear.org http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2
    Issue Tracking, Patch