Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

BosNews 2002-2006 Remote add user admin

BosNews v4.0 Remote add user admin

KwsPHP (Upload) Remote Code Execution Exploit

S21SEC-041-en: Cezanne SW Cross-Site Scripting

From:	Morgan ARMAND <armand_m_(at)_epitech.net>
Date:	15.04.2008
Subject:	Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability

#####################################################################

Advisory #1 "Dotclear 'ecrire/images.php' Arbitrary File Upload
Vulnerability"

$ Author : Morgan ARMAND
$ Contact : armand_m at epitech dot net
$ Vendor URL : http://www.dotclear.net
$ Vendor Contacted : 07/04/2008
$ Vendor Status : No response
$ Affected Software : Dotclear <= 1.2.7.1
$ Severity : Medium / Critical

#####################################################################

Vulnerability:

Dotclear is prone to an arbitrary script upload vulnerability.

The vulnerability is caused due to missing validation of the file extension.

If successfully exploited, an attacker can execute arbitrary script code
on a vulnerable server.
You need to have an account in order to access to the vulnerable page.

All versions of Dotclear are considered vulnerable at the moment.