oss-sec mailing list archives
CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload
From: "Hongkun Zeng" <hongkun.zeng () dbappsecurity com cn>
Date: Wed, 5 Oct 2016 23:43:04 +0800 (GMT+08:00)
Vulnerability: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload CVE: CVE-2016-7902 Discovered by: Hongkun Zeng (http://www.dbappsecurity.com.cn/) Dotclear is an open source blog publishing application distributed under the GNU GPLv2. The fileUnzip->unzip() method not properly verifying the extension of files in zip archive. This could be exploited to execute arbitrary PHP code by uploading a zip archive file contain the files which extensions (like .php.txt or .php%20). Successful exploitation of this vulnerability requires an account with permissions to manage media items. Fix commit: https://hg.dotclear.org/dotclear/rev/a9db771a5a70 Best Regards, Hongkun Zeng --------------------------------------------------- hongkun.zeng () dbappsecurity com cn
Current thread:
- CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload Hongkun Zeng (Oct 05)