CVE-2016-9268

Published: Nov 10, 2016Modified: May 6, 2026

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.

Affected (1)

Products: Dotclear: Dotclear

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dotclear Dotclear	Up to 2.10.4

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2

Source: cve@mitre.org

Issue TrackingPatch

http://dev.dotclear.org/2.0/ticket/2214

Source: cve@mitre.org

MitigationVendor Advisory

http://www.securityfocus.com/bid/94246

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

http://dev.dotclear.org/2.0/ticket/2214

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

http://www.securityfocus.com/bid/94246

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.