Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dotclear 安全漏洞
Vulnerability Description
Dotclear是软件开发者Olivier Meunier所研发的一套免费的基于PHP和MySQL的博客(Blog)发布软件。 Dotclear 2.8.2之前的版本中的inc/core/class.dc.core.php文件存在安全漏洞。远程攻击者可通过上传带有‘.pht’、‘.phps’或‘.phtml’扩展名的文件利用该漏洞执行任意的PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A