Dotclear: >> Dotclear >> 2.29 Security Vulnerabilities
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-12-10
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-21