Back to CVE Browser

CVE-2008-3232

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0160%

EPSS Percentile41.65th

PublishedJul 18, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.

Affected Platforms (CPE)

📦

Dotclear

Dotclear

<= 1.2.7

📦

Dotclear

Dotclear

= 1.2.1

📦

Dotclear

Dotclear

= 1.2.2

📦

Dotclear

Dotclear

= 1.2.3

📦

Dotclear

Dotclear

= 1.2.4

📦

Dotclear

Dotclear

= 1.2.5

📦

Dotclear

Dotclear

= 1.2.6

References & Advisories

🔗 http://osvdb.org/44441

🔗 http://secunia.com/advisories/29819

🔗 http://www.dotclear.net/blog/post/2008/04/18/Dotclear-128

🔗 http://www.dotclear.net/blog/post/2008/04/18/Gestionnaire-de-media-et-types-de-fichiers

🔗 http://www.openwall.com/lists/oss-security/2008/07/14/2

🔗 http://www.securityfocus.com/archive/1/490865/100/0/threaded

🔗 http://www.securityfocus.com/bid/28787

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41828

Related Vulnerabilities

CVE-2005-395710.0

Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.

CVE-2016-79028.8

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users ...

CVE-2015-88328.8

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated us...

CVE-2011-50837.5

Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arb...