{"id":"CVE-2016-9268","details":"Unrestricted file upload vulnerability in the Blog appearance in the \"Install or upgrade manually\" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with a zip extension, and then accessing it via unspecified vectors.","modified":"2026-04-10T03:54:09.179463Z","published":"2016-11-10T20:59:00.177Z","references":[{"type":"ADVISORY","url":"http://dev.dotclear.org/2.0/ticket/2214"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94246"},{"type":"FIX","url":"http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotclear/dotclear","events":[{"introduced":"0"},{"last_affected":"00baf5019faed632d5c2cb1c86dae6b427469cf6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.10.4"}]}}],"versions":["2.10.0","2.10.1","2.10.2","2.10.3","2.10.4","2.3.0","2.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9268.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}