Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.
References
Link | Resource |
---|---|
http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2 | Issue Tracking Patch |
http://dev.dotclear.org/2.0/ticket/2214 | Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/94246 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-11-10T20:00:00
Updated: 2016-11-25T19:57:01
Reserved: 2016-11-10T00:00:00
Link: CVE-2016-9268
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-11-10T20:59:00.177
Modified: 2016-11-29T18:24:32.460
Link: CVE-2016-9268
JSON object: View
Redhat Information
No data.
CWE