CVE-2016-9268

2016-11-10T15:59:00
ID CVE-2016-9268
Type cve
Reporter NVD
Modified 2016-11-29T13:24:32

Description

Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.