Vulnerability Details : CVE-2011-1584
The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.
Products affected by CVE-2011-1584
- cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:beta_5.2:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:beta_4:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:beta_3:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:beta_7:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:beta_6:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.0:beta_5.4:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:dotclear:dotclear:2.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1584
- EPSS score: 1.21% (probability of exploitation activity in the next 30 days)
- Percentile: ~86% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-1584
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
CWE ids for CVE-2011-1584
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1584
- http://dev.dotclear.org/2.0/changeset/2:3427
  Changeset 2:4f1756320ee0 – Dev Dotclear 2 (Exploit; Patch)
- http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3
  Dotclear 2.2.3 › Blog Dotclear › Dotclear › Prenez le contrôle de votre blog (Vendor Advisory)
- http://openwall.com/lists/oss-security/2011/04/13/19
  oss-security - CVE request: dotclear before 2.2.3
- http://openwall.com/lists/oss-security/2011/04/14/8
  oss-security - Re: CVE request: dotclear before 2.2.3
- http://openwall.com/lists/oss-security/2011/04/15/11
  oss-security - Re: CVE request: dotclear before 2.2.3
- http://www.arcabit.com/english/home/a-flaw-in-dotclear
  Arcabit - Najlepszy Polski Program Antywirusowy
- http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3
  Dotclear 2.2.3 › Dotclear News › Dotclear › Blog management made easy (Patch; Vendor Advisory)
- http://openwall.com/lists/oss-security/2011/04/15/7
  oss-security - Re: CVE request: dotclear before 2.2.3