Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-58281)
Description
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.