Cyber Posture

CVE-2024-58281

High · Public PoC

Published: 10 December 2025

Modified: 19 December 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly remediates the unrestricted PHP file upload flaw in Dotclear 2.29 media functionality to prevent remote code execution.

Prevent: Validates inputs to the media upload process to detect and reject malicious PHP shells or dangerous file content before processing.

Prevent: Enforces restrictions on media upload file types to block dangerous executables like PHP files exploited in this vulnerability.

Security Summary · AI

CVE-2024-58281 is a remote code execution vulnerability affecting Dotclear version 2.29, a PHP-based blogging platform. The flaw resides in the media upload functionality, which permits authenticated attackers to upload malicious PHP files. By crafting a PHP shell containing a command execution form, attackers can exploit this unrestricted file upload process to achieve arbitrary code execution on the server.

The vulnerability requires only low privileges, as indicated by the PR:L metric in its CVSS v3.1 vector (base score 8.8, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Any authenticated user, such as a low-level contributor or editor, can exploit it over the network with low complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, enabling full system access through the uploaded and executed PHP shell (CWE-434: Unrestricted Upload of File with Dangerous Type).

Advisories from VulnCheck document the remote code execution via authenticated file upload, while Exploit-DB hosts a public exploit (ID 52037). Dotclear repositories on Git and GitHub provide access to source code, potentially including patches in the master branch.

An exploit is publicly available, indicating potential for real-world abuse against unpatched Dotclear 2.29 installations.

Details

CWE(s)

Affected Products

dotclear
dotclear
2.29

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability enables remote code execution via unrestricted authenticated file upload of malicious PHP shells in a public-facing web application, directly facilitating T1190 (Exploit Public-Facing Application) and T1505.003 (Web Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References