CVE-2016-9268
NONE EPSS 91.2%
Published Nov 10, 2016 9y ago
Last Modified Jun 17, 2026 2w ago
Description
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with a zip extension, and then accessing it via unspecified vectors.
Threat Intelligence
EPSS Exploit Probability
91.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| dotclear | dotclear | * | ≤2.10.4 |
References 3
- dev.dotclear.org http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2
- dev.dotclear.org http://dev.dotclear.org/2.0/ticket/2214
- securityfocus.com http://www.securityfocus.com/bid/94246
Remediation
- dev.dotclear.org http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2