6
CVE-2014-3782
- EPSS 1.21%
- Veröffentlicht 11.06.2014 14:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.21% | 0.643 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
http://secunia.com/advisories/58675
http://karmainsecurity.com/KIS-2014-06
http://seclists.org/fulldisclosure/2014/May/108
http://seclists.org/fulldisclosure/2014/May/116
http://seclists.org/fulldisclosure/2014/May/122