Vulnerabilities > Dotclear > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2016-11-10 | CVE-2016-9268 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear | critical 9.0
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with a zip extension, and then accessing it via unspecified vectors.
network, low complexity, dotclear, CWE-434

2008-07-18 | CVE-2008-3232 | Code Injection vulnerability in Dotclear | critical 9.3
Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.
network, dotclear, CWE-94

2005-12-01 | CVE-2005-3957 | Trackback vulnerability in Dotclear 1.2.1 | critical 10.0
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.
network, low complexity, dotclear