CVE-2011-1584
Dotclear exposes an Arbitrary File Upload vulnerability in the Media Manager. The updateFile function in inc/core/class.dc.media.php does not properly restrict pathnames, enabling remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameters. Affe...