Date: Wed, 5 Oct 2016 23:43:04 +0800 (GMT+08:00)
From: "Hongkun Zeng" <hongkun.zeng@...ppsecurity.com.cn>
To: oss-security <oss-security@...ts.openwall.com>
Subject: CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File
 Upload

Vulnerability: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload
CVE: CVE-2016-7902
Discovered by: Hongkun Zeng (http://www.dbappsecurity.com.cn/)


Dotclear is an open source blog publishing application distributed under the GNU GPLv2.


The fileUnzip->unzip() method does not properly verify the extensions of files in a zip archive.
This could be exploited to execute arbitrary PHP code by uploading a zip archive containing files with extensions such as .php.txt or .php%20.
Successful exploitation of this vulnerability requires an account with permissions to manage media items.


Fix commit: https://hg.dotclear.org/dotclear/rev/a9db771a5a70


Best Regards,
Hongkun Zeng
---------------------------------------------------
hongkun.zeng@...ppsecurity.com.cn
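
A pre-extraction check for the condition described above, as an added example that is not part of the original message and is not Dotclear's fix (see the fix commit for that). The function names, the allowlist and the sample archive are assumptions constructed for illustration; the check lists archive members whose names should block extraction.

```php
<?php
// Added example, not Dotclear code. The allowlist is an assumption.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'txt', 'pdf'];

// Hypothetical helper: true only if the entry's file name is acceptable.
function isAllowedEntryName(string $name): bool
{
    if (substr($name, -1) === '/') {
        return true;                       // directory entry, no file content
    }
    $base = basename($name);
    // Reject control bytes, whitespace and '%': "x.php%20" or "x.php " must
    // never be trimmed or URL-decoded into "x.php" later on.
    if (preg_match('/[\x00-\x20\x7f%]/', $base)) {
        return false;
    }
    $parts = explode('.', strtolower($base));
    $stem = array_shift($parts);
    if ($stem === '' || $parts === []) {
        return false;                      // no stem or no extension
    }
    // Every dot-separated suffix must be allowlisted, not just the last one,
    // so "x.php.txt" fails on "php" even though it ends in ".txt".
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXT, true)) {
            return false;
        }
    }
    return true;
}

// Hypothetical helper: names in the archive that must block extraction.
function rejectedEntries(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath");
    }
    $bad = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || !isAllowedEntryName($name)) {
            $bad[] = $name;
        }
    }
    $zip->close();
    return $bad;
}

// Constructed sample archive with the two name patterns from the advisory.
$tmp = tempnam(sys_get_temp_dir(), 'zip');
$z = new ZipArchive();
$z->open($tmp, ZipArchive::CREATE | ZipArchive::OVERWRITE);
foreach (['img/cat.png', 'notes.txt', 'a.php.txt', 'b.php%20'] as $n) {
    $z->addFromString($n, 'x');
}
$z->close();
print_r(rejectedEntries($tmp));
unlink($tmp);
```

The check covers entry names only; serving the media directory without script execution enabled remains a separate control.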
