Dotclear Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Dotclear version 2.29. An authenticated user with access to the media manager can upload a file containing PHP code through the media upload feature. Once stored, the file can be requested over HTTP and is executed by the PHP interpreter, so an attacker who uploads a web shell (for example one exposing a command execution form) gains the ability to run arbitrary commands on the server.

Impact

Successful exploitation gives an authenticated attacker remote code execution on the server hosting Dotclear 2.29, with the privileges of the web server process. Because the entry point is a normal media upload, any account permitted to upload media is sufficient; administrative rights are not required beyond that.

Reproduction

To reproduce this vulnerability, log in with an account that has media upload permission and upload a PHP file through the media upload functionality. The file can be a minimal PHP shell that reads a command from a request parameter and executes it. Once the upload is accepted, requesting the stored file's URL causes the server to execute it, confirming code execution.
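A defender-side check for this class of issue, added here as an example and not part of the original advisory or of the Dotclear project: walk a media directory and flag any file that carries a PHP extension (including a double extension such as `shell.php.jpg`), contains a PHP open tag regardless of extension, or calls a command-execution function. The directory layout, file names and file contents below are constructed sample data; the function list used for scoring is a hypothetical shortlist, not an exhaustive signature set.

```python
import os
import re
import tempfile
from pathlib import Path

# Executable PHP content is detected from bytes, not from the extension alone:
# a double extension or a server misconfiguration can still hand a ".jpg" or
# ".phtml" to the interpreter.
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
# Functions typical of a command-execution web shell. Hypothetical shortlist
# used only for scoring; extend it for real deployments.
SHELL_FUNCS = re.compile(
    rb"\b(system|exec|shell_exec|passthru|popen|proc_open|eval)\s*\(",
    re.IGNORECASE,
)
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}


def scan_file(path):
    """Return {"path", "findings"} for one file, or None if nothing suspicious."""
    try:
        data = Path(path).read_bytes()
    except OSError:
        return None
    findings = []
    # Path.suffixes returns every extension, so "shell.php.jpg" yields ".php".
    ext_set = {s.lower() for s in Path(path).suffixes}
    if ext_set & PHP_EXTS:
        findings.append("php-extension")
    if PHP_OPEN_TAG.search(data):
        findings.append("php-open-tag")
    if SHELL_FUNCS.search(data):
        findings.append("command-execution-call")
    return {"path": str(path), "findings": findings} if findings else None


def scan_media_dir(root):
    """Walk a media tree and return all suspicious files, sorted by path."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = scan_file(os.path.join(dirpath, name))
            if hit:
                hits.append(hit)
    return sorted(hits, key=lambda h: h["path"])


def build_sample_tree():
    """Create a constructed sample media directory (not real Dotclear data)."""
    root = tempfile.mkdtemp(prefix="dc_media_")
    samples = {
        "2025/12/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "2025/12/notes.txt": b"release notes, nothing to see",
        # A minimal command-execution shell with a form, as the advisory describes.
        "2025/12/shell.php": b"<?php if(isset($_POST['c'])){system($_POST['c']);} ?>"
                             b"<form method=post><input name=c><input type=submit></form>",
        # Double extension with an image header prepended to defeat naive checks.
        "2025/12/avatar.php.jpg": b"GIF89a<?php echo shell_exec($_GET['x']); ?>",
        # PHP template: flagged for the extension and short open tag, but no shell call.
        "2025/12/template.phtml": b"<html><?= $title ?></html>",
    }
    for rel, content in samples.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
    return root


if __name__ == "__main__":
    media_root = build_sample_tree()
    for hit in scan_media_dir(media_root):
        print(hit["path"], ",".join(hit["findings"]))
```

Run the scanner against the real media root (Dotclear's `public/` directory by default, an assumption to verify against the installation's configuration) from cron or after each upload. A hit on "php-open-tag" or "command-execution-call" in a file with an image extension is the strongest indicator of the attack described above. Scanning is a detection control only; the durable fix is to ensure the web server never executes PHP from the upload directory.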

Added: Dec 10, 2025, 10:34 PM
Updated: Dec 10, 2025, 10:34 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 10.0
exploitability: 6.8
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.