Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3782

Опубликовано: 11 июн. 2014
Источник: nvd
CVSS2: 6
EPSS Низкий

Описание

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.

Комментарий

Per: http://cwe.mitre.org/data/definitions/184.html

"CWE-184: Incomplete Blacklist"

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*
Версия до 2.6.2 (включая)
cpe:2.3:a:dotclear:dotclear:2.6:-:*:*:*:*:*:*
cpe:2.3:a:dotclear:dotclear:2.6:rc:*:*:*:*:*:*
cpe:2.3:a:dotclear:dotclear:2.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 74%
0.00829
Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2014-3782

ubuntu
больше 11 лет назад

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.

debian логотип

CVE-2014-3782

debian
больше 11 лет назад

Multiple incomplete blacklist vulnerabilities in the filemanager::isFi ...

github логотип

GHSA-mhm6-7j2c-j5cm

github
больше 3 лет назад

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.

EPSS

Процентиль: 74%
0.00829
Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other