6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.1%
Multiple incomplete blacklist vulnerabilities in the
filemanager::isFileExclude method in the Media Manager in Dotclear before
2.6.3 allow remote authenticated users to execute arbitrary PHP code by
uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or
some other PHP file extension.