CVE-2024-58281
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-19
Assigner: VulnCheck
Description
Description
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dotclear | dotclear | 2.29 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Dotclear 2.29 allows authenticated attackers to upload malicious PHP files via the media upload functionality. By uploading a crafted PHP shell containing a command execution form, attackers can execute commands on the system and gain unauthorized system access.
How can this vulnerability impact me? :
The vulnerability can lead to remote code execution on the affected system, allowing attackers to gain unauthorized access, execute arbitrary commands, and potentially take full control of the system hosting Dotclear 2.29.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70