Vulnerabilities > CVE-2006-2866 - Unspecified vulnerability in Dotclear

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
dotclear
exploit available

Summary

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.

Vulnerable Configurations

Part Description Count
Application
Dotclear
4

Exploit-Db

descriptionDotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit. CVE-2006-2866. Webapps exploit for php platform
idEDB-ID:1869
last seen2016-01-31
modified2006-06-03
published2006-06-03
reporterrgod
sourcehttps://www.exploit-db.com/download/1869/
titleDotClear <= 1.2.4 prepend.php Arbitrary Remote Inclusion Exploit