HIGH
Dotclear
CVE published 2017-02-09
CVE-2015-8832
CVE-2015-8832 is a high-severity authenticated remote code execution issue in Dotclear before 2.8.2. The vulnerable upload handling in inc/core/class.dc.core.php used incomplete blacklist filtering, allowing a user with limited management permissions to upload PHP-capable files such as .pht, .phps, or .phtml and execute server-side code.