CNNVD-202512-3783 Information

CNNVD ID

CNNVD-202512-3783

CVE-2023-53952

  • CNNVD Published: 2025-12-19

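Description (translated from Chinese)

Dotclear is an open-source blog publishing application developed by the Dotclear project. Dotclear version 2.25.3 has a code issue vulnerability. The vulnerability stems from allowing the upload of malicious files with the .phar extension, which may lead to remote code execution.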

Description (English)

Dotclear is an open-source blog publishing application. Dotclear version 2.25.3 contains a code issue vulnerability: it allows malicious files with the .phar extension to be uploaded, which may result in remote code execution.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

Dotclear

Published

2025-12-19

Last Modified

2026-02-24

References

  • https://www.vulncheck.com/advisories/dotclear-authenticated-remote-code-execution-via-file-upload
  • https://dotclear.org/
  • https://www.exploit-db.com/exploits/51353
  • https://access.redhat.com/security/cve/cve-2023-53952
