CNNVD-202512-1784 Information
CNNVD ID
CNNVD-202512-1784
Related CVE
- CNNVD Published: 2025-12-10
Description (Chinese)
Dotclear是Dotclear开源的一个开源博客发布应用程序。 Dotclear 2.29版本存在代码问题漏洞,该漏洞源于认证用户可通过媒体上传功能上传恶意PHP文件,可能导致远程代码执行。
Description (English)
Dotclar is an open-source blog posting application for Dotclar’s open source. There is a code gap in Dotclear version 2.29, which stems from the fact that a certified user can upload a malicious PHP file via the media upload function, which may result in remote code execution.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Dotclear
Published
2025-12-10
Last Modified
2026-02-24
References
https://git.dotclear.org/explore/repos https://github.com/dotclear/dotclear/archive/refs/heads/master.zip https://www.vulncheck.com/advisories/dotclear-remote-code-execution-via-authenticated-file-upload https://www.exploit-db.com/exploits/52037 https://access.redhat.com/security/cve/cve-2024-58281 https://vigilance.fr/vulnerability/Dotclear-file-upload-via-Media-49072
Patch
https://github.com/dotclear/dotclear/tags
Share on: