CVE-2024-58281
Dotclear 2.29 Remote Code Execution via Authenticated File Upload
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.
| CWE | CWE-434 |
| Vendor | dotclear |
| Product | dotclear |
| Published | Dec 10, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
dotclear / Dotclear
2.29
References
exploit-db.com: https://www.exploit-db.com/exploits/52037
git.dotclear.org: https://git.dotclear.org/explore/repos
github.com: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip
vulncheck.com: https://www.vulncheck.com/advisories/dotclear-remote-code-execution-via-authenticated-file-upload
Credits
Ahmet Ümit BAYRAM