CVE-2015-8832

🗓️ 09 Feb 2017 15:00:00Reported by debianType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 47 Views🌐 WEB

CVE-2015-8832: Incomplete blacklist vulnerabilities allow remote authenticated users to execute arbitrary PHP code by uploading certain file types

Reporter	Title	Published	Views	Family All 8
CNVD	Dotclear Arbitrary PHP Code Execution Vulnerability	16 Feb 201700:00	–	cnvd
Cvelist	CVE-2015-8832	9 Feb 201715:00	–	cvelist
EUVD	EUVD-2015-8698	7 Oct 202500:30	–	euvd
NVD	CVE-2015-8832	9 Feb 201715:59	–	nvd
OSV	UBUNTU-CVE-2015-8832	9 Feb 201715:59	–	osv
Prion	Input validation	9 Feb 201715:59	–	prion
UbuntuCve	CVE-2015-8832	9 Feb 201715:59	–	ubuntucve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2015-8832	10 Sep 202500:00	–	nessus

NVD

Node

Source	Link
hg	www.hg.dotclear.org/dotclear/rev/198580bc3d80
securityfocus	www.securityfocus.com/bid/96379
openwall	www.openwall.com/lists/oss-security/2016/03/05/4
packetstormsecurity	www.packetstormsecurity.com/files/134352/dotclear-2.8.1-Shell-Upload.html
blog	www.blog.curesec.com/article/blog/dotclear-281-Code-Execution-93.html
seclists	www.seclists.org/fulldisclosure/2015/Nov/58
openwall	www.openwall.com/lists/oss-security/2016/03/07/5
dotclear	www.dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2

Parameter	Position	Path	Description	CWE
file	binary	inc/core/class.dc.core.php	Insecure file upload allowing execution of arbitrary PHP code via .pht, .phps, or .phtml extensions due to incomplete blacklist.	CWE-284
filename	binary	inc/core/class.dc.core.php	Insecure file upload allowing execution of arbitrary PHP code via .pht, .phps, or .phtml extensions due to incomplete blacklist.	CWE-284
upload	binary	inc/core/class.dc.core.php	Insecure file upload allowing execution of arbitrary PHP code via .pht, .phps, or .phtml extensions due to incomplete blacklist.	CWE-284

13 May 2026 00:24Current

8.8High risk

Vulners AI Score8.8

CVSS 26.5

CVSS 38.8

EPSS0.00922