Cyber Posture

CVE-2024-58281

High · Public PoC

Published: 10 December 2025

Modified: 19 December 2025
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-58281 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Dotclear. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 35.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly remediates the unrestricted PHP file upload flaw in Dotclear 2.29 media functionality to prevent remote code execution.

prevent: Validates inputs to the media upload process to detect and reject malicious PHP shells or dangerous file content before processing.

prevent: Enforces restrictions on media upload file types to block dangerous executables like PHP files exploited in this vulnerability.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

The vulnerability enables remote code execution via unrestricted authenticated file upload of malicious PHP shells in a public-facing web application, directly facilitating T1190 (Exploit Public-Facing Application) and T1505.003 (Web Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.

Deeper analysis [AI]

CVE-2024-58281 is a remote code execution vulnerability affecting Dotclear version 2.29, a PHP-based blogging platform. The flaw resides in the media upload functionality, which permits authenticated attackers to upload malicious PHP files. By crafting a PHP shell containing a command execution form, attackers can exploit this unrestricted file upload process to achieve arbitrary code execution on the server.

The vulnerability requires low privileges, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Any authenticated user, such as a low-level contributor or editor, can exploit it over the network with low complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, giving the attacker full system access through the uploaded and executed PHP shell (CWE-434: Unrestricted Upload of File with Dangerous Type).

Advisories from VulnCheck document the remote code execution via authenticated file upload, while Exploit-DB hosts a public exploit (ID 52037). Dotclear repositories on Git and GitHub provide access to source code, potentially including patches in the master branch.

An exploit is publicly available, indicating potential for real-world abuse against unpatched Dotclear 2.29 installations.

Details

CWE(s)

Affected Products

dotclear
dotclear
2.29

CVEs Like This One

CVE-2023-53952 · Same product: Dotclear Dotclear
CVE-2025-8323 · Shared CWE-434
CVE-2026-35047 · Shared CWE-434
CVE-2025-1128 · Shared CWE-434
CVE-2025-67910 · Shared CWE-434
CVE-2026-22799 · Shared CWE-434
CVE-2025-15226 · Shared CWE-434
CVE-2025-6440 · Shared CWE-434
CVE-2026-2097 · Shared CWE-434
CVE-2024-13869 · Shared CWE-434

References