Lucene search

K

[email protected]NVD:CVE-2014-3782

HistoryJun 11, 2014 - 2:55 p.m.

CVE-2014-3782

2014-06-1114:55:08

[email protected]

web.nvd.nist.gov

1

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.

Affected configurations

NVD

Node

dotcleardotclearRange≤2.6.2

OR

dotcleardotclearMatch2.6-

OR

dotcleardotclearMatch2.6rc

OR

dotcleardotclearMatch2.6.1

References

dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3

karmainsecurity.com/KIS-2014-06

seclists.org/fulldisclosure/2014/May/108

seclists.org/fulldisclosure/2014/May/116

seclists.org/fulldisclosure/2014/May/122

secunia.com/advisories/58675

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

Related for NVD:CVE-2014-3782

prion1 cvelist1 securityvulns2 ubuntucve1 packetstorm1 cve1 openvas1 zdt1