Dotclear Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Dotclear version 2.25.3. It allows authenticated attackers to upload malicious PHP files with a .phar extension through the blog post creation interface. Because the web server hands .phar files to the PHP interpreter, any PHP code they contain, including calls that run system commands, is executed when the file is requested, leading to arbitrary code execution on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Dotclear 2.25.3 is installed.

Reproduction

To reproduce this vulnerability, log into a Dotclear 2.25.3 account that has permission to create blog posts. While writing a post, upload a file with a .phar extension containing a PHP payload, such as a command to be executed by the system. Once the post is published, access the uploaded .phar file through the blog, which will trigger the execution of the embedded PHP code.
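As an added, defender-side example (not Dotclear's code and not part of this advisory), the following Python flags uploaded media that a PHP handler would execute, treating .phar as PHP in the same way as the server configuration this issue depends on. The extension set and the sample uploads are assumptions constructed for the example.

```python
"""Flag uploaded media files that a PHP handler would execute.

Added example for this advisory, not Dotclear code. PHP_EXTENSIONS is an
assumption: extensions that common Apache/php-fpm configurations map to
the PHP interpreter, including .phar, the one abused in this issue.
"""
import re
from pathlib import PurePosixPath

# Assumed PHP-executable extensions (lowercase, no leading dot).
PHP_EXTENSIONS = frozenset(
    {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}
)

# PHP open tags ("<?php" or the short echo tag "<?=") inside a file body.
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)

# Constructed sample uploads as (filename, leading bytes); not real data.
SAMPLE_UPLOADS = [
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("notes.txt", b"plain text body"),
    ("media.PHAR", b"<?php echo 'not an image'; ?>"),
    ("cover.phar.jpg", b"\xff\xd8\xff"),
    ("disguised.png", b"<?php echo 'hidden'; ?>"),
]


def is_php_executable_name(filename: str) -> bool:
    """True if any dotted suffix is a PHP handler extension (case-insensitive).

    Every suffix is checked, not only the last one, because some Apache
    handler configurations also execute names such as 'cover.phar.jpg'.
    """
    suffixes = PurePosixPath(filename).suffixes
    return any(s.lstrip(".").lower() in PHP_EXTENSIONS for s in suffixes)


def looks_like_php(content: bytes) -> bool:
    """True if the body carries a PHP open tag regardless of its extension."""
    return PHP_TAG.search(content) is not None


def flag_uploads(files):
    """Return (name, reason) for each upload that should be rejected or reviewed."""
    flagged = []
    for name, content in files:
        if is_php_executable_name(name):
            flagged.append((name, "php-executable extension"))
        elif looks_like_php(content):
            flagged.append((name, "php open tag in body"))
    return flagged


if __name__ == "__main__":
    for name, reason in flag_uploads(SAMPLE_UPLOADS):
        print(f"{name}: {reason}")
```

The same checks belong in the upload path (reject) and in a periodic sweep of the existing media directory (review), since files uploaded before a fix remain executable.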

Added: Dec 19, 2025, 9:23 PM
Updated: Dec 19, 2025, 9:23 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 10.0
exploitability: 6.8
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.