Vigil@nce - Dotclear: file upload via blog_theme.php
November 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A privileged attacker can upload a malicious file via
blog_theme.php on Dotclear, in order for example to upload a
Trojan.
– Impacted products: Dotclear.
– Severity: 1/4.
– Creation date: 14/11/2016.
DESCRIPTION OF THE VULNERABILITY
The Dotclear product offers a web service.
A super-administrator can upload a file via blog_theme.php.
However, a PHP file can be uploaded on the server, and then
executed.
A privileged attacker can therefore upload a malicious file via
blog_theme.php on Dotclear, in order for example to upload a
Trojan.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Dotclear-file-upload-via-blog-theme-php-21111
Some