Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dotclear | Dotclear | * | 2.6.2 (including) |
| Dotclear | Dotclear | 2.6 (including) | 2.6 (including) |
| Dotclear | Dotclear | 2.6-rc (including) | 2.6-rc (including) |
| Dotclear | Dotclear | 2.6.1 (including) | 2.6.1 (including) |
| Dotclear | Ubuntu | precise | * |
| Dotclear | Ubuntu | saucy | * |
| Dotclear | Ubuntu | trusty | * |
| Dotclear | Ubuntu | upstream | * |
| Dotclear | Ubuntu | utopic | * |
| Dotclear | Ubuntu | vivid | * |
| Dotclear | Ubuntu | wily | * |
References
- http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
- http://karmainsecurity.com/KIS-2014-06
- http://seclists.org/fulldisclosure/2014/May/108
- http://seclists.org/fulldisclosure/2014/May/116
- http://seclists.org/fulldisclosure/2014/May/122
- http://secunia.com/advisories/58675
- http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
- http://karmainsecurity.com/KIS-2014-06
- http://seclists.org/fulldisclosure/2014/May/108
- http://seclists.org/fulldisclosure/2014/May/116
- http://seclists.org/fulldisclosure/2014/May/122
- http://secunia.com/advisories/58675