Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2016-9268

Unrestricted file upload vulnerability in the Blog appearance in the quotInstall or upgrade manuallyquot module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension and then accessing it via unspecified vectors.