2 matches found
CVE-2011-1584
The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are...
CVE-2011-1584
Dotclear exposes an Arbitrary File Upload vulnerability in the Media Manager. The updateFile function in inc/core/class.dc.media.php does not properly restrict pathnames, enabling remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameters. Affe...