CVE-2024-58281 PUBLISHED

Dotclear 2.29 Remote Code Execution via Authenticated File Upload

Assigner: VulnCheck
Reserved: 10.12.2025 Published: 10.12.2025 Updated: 11.12.2025

Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	dotclear
Product	Dotclear
Versions	Default: unaffected Version 2.29 is affected

CVE-2024-58281 PUBLISHED

Dotclear 2.29 Remote Code Execution via Authenticated File Upload

Metrics

Product Status

Credits

References

Problem Types