|
Message-ID: <3fd205c8.3e9.15795832e18.Coremail.hongkun.zeng@dbappsecurity.com.cn> Date: Wed, 5 Oct 2016 23:43:04 +0800 (GMT+08:00) From: "Hongkun Zeng" <hongkun.zeng@...ppsecurity.com.cn> To: oss-security <oss-security@...ts.openwall.com> Subject: CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload Vulnerability: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload CVE: CVE-2016-7902 Discovered by: Hongkun Zeng (http://www.dbappsecurity.com.cn/) Dotclear is an open source blog publishing application distributed under the GNU GPLv2. The fileUnzip->unzip() method not properly verifying the extension of files in zip archive. This could be exploited to execute arbitrary PHP code by uploading a zip archive file contain the files which extensions (like .php.txt or .php%20). Successful exploitation of this vulnerability requires an account with permissions to manage media items. Fix commit: https://hg.dotclear.org/dotclear/rev/a9db771a5a70 Best Regards, Hongkun Zeng --------------------------------------------------- hongkun.zeng@...ppsecurity.com.cn
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.