Vulnerabilities > CVE-2006-2866 - Unspecified vulnerability in Dotclear
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN dotclear
exploit available
Summary
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | DotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit. CVE-2006-2866. Webapps exploit for php platform |
| id | EDB-ID:1869 |
| last seen | 2016-01-31 |
| modified | 2006-06-03 |
| published | 2006-06-03 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/1869/ |
| title | DotClear <= 1.2.4 prepend.php Arbitrary Remote Inclusion Exploit |
References
- http://retrogod.altervista.org/dotclear_124_php5_xpl.html
- http://retrogod.altervista.org/dotclear_124_php5_xpl.html
- http://secunia.com/advisories/20437
- http://secunia.com/advisories/20437
- http://securityreason.com/securityalert/1053
- http://securityreason.com/securityalert/1053
- http://www.securityfocus.com/archive/1/435873/100/0/threaded
- http://www.securityfocus.com/archive/1/435873/100/0/threaded
- http://www.securityfocus.com/bid/18259
- http://www.securityfocus.com/bid/18259
- http://www.vupen.com/english/advisories/2006/2137
- http://www.vupen.com/english/advisories/2006/2137
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26917
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26917