Dotclear Improper Access Control Vulnerability - CVE-2015-8832

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with quotmanage their own media itemsquot and quotmanage their own entries and commentsquot permissions to execute arbitrary PHP code by uploading a file with a (1) .pht (2) .phps or (3) .phtml extension.