7.5

CVE-2011-5083

Exploit
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DotclearDotclear Version2.3.1
DotclearDotclear Version2.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.3% 0.869
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://cxsecurity.com/issue/WLB-2011090012
Exploit
http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396
Exploit
http://www.exploit-db.com/exploits/18529
http://www.osvdb.org/79665
http://www.securityfocus.com/bid/52173