Date: Wed, 5 Oct 2016 23:43:04 +0800 (GMT+08:00)
From: "Hongkun Zeng" <hongkun.zeng@...ppsecurity.com.cn>
To: oss-security <oss-security@...ts.openwall.com>
Subject: CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File
 Upload

Vulnerability: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload
CVE: CVE-2016-7902
Discovered by: Hongkun Zeng (http://www.dbappsecurity.com.cn/)


Dotclear is an open source blog publishing application distributed under the GNU GPLv2.


The fileUnzip->unzip() method does not properly verify the extensions of files in a zip archive.
This could be exploited to execute arbitrary PHP code by uploading a zip archive containing files with extensions such as .php.txt or .php%20.
Successful exploitation of this vulnerability requires an account with permissions to manage media items.


Fix commit: https://hg.dotclear.org/dotclear/rev/a9db771a5a70


Best Regards,
Hongkun Zeng
---------------------------------------------------
hongkun.zeng@...ppsecurity.com.cn
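
A defensive check for the flaw described above, added here as an illustration (it is not Dotclear's code and not the fix commit): it lists archive entries whose names carry more than one extension, a non-allowlisted extension, or characters such as % and spaces, so they can be refused before extraction. The allowlist, the function names and the sample archive are assumptions made for this example.

```php
<?php
// Added example, not Dotclear code: allowlist check for names inside an uploaded zip.
// ALLOWED_EXT and both function names are assumptions made for this illustration.
const ALLOWED_EXT = ['jpg', 'png', 'gif', 'txt', 'pdf'];

// Accept an entry only if its file name has exactly one extension, that extension
// is allowlisted, and the name uses a conservative character set. "a.php.txt" fails
// on the extra dot; "b.php%20" and "b.php " fail on the character set.
function entry_name_is_safe(string $entry): bool
{
    $base = basename(str_replace('\\', '/', $entry));
    if (!preg_match('/\A[A-Za-z0-9_-]+\.([A-Za-z0-9]+)\z/', $base, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), ALLOWED_EXT, true);
}

// Return the names of entries that must not be extracted.
function rejected_entries(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    $bad = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if (substr($name, -1) === '/') {
            continue; // directory entry, no file content
        }
        if (!entry_name_is_safe($name)) {
            $bad[] = $name;
        }
    }
    $zip->close();
    return $bad;
}

// Constructed sample archive covering the kinds of names mentioned in the advisory.
$tmp = tempnam(sys_get_temp_dir(), 'zipchk');
$zip = new ZipArchive();
$zip->open($tmp, ZipArchive::OVERWRITE);
foreach (['photo.jpg', 'notes.txt', 'a.php.txt', 'b.php%20', 'c.php'] as $n) {
    $zip->addFromString($n, 'constructed sample content');
}
$zip->close();
print_r(rejected_entries($tmp));
unlink($tmp);
```

Rejecting the whole upload when the returned list is non-empty is simpler to reason about than extracting only the entries that pass.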
