Cyber Resilience

CVE-2024-58281

Severity: High · Public PoC

Published: 10 December 2025
Modified: 19 December 2025
KEV Added: not listed
CVSS v4.0 base score: 8.7 (High)
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0023 (45.7th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-58281 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Dotclear (vendor Dotclear). Its CVSS v4.0 base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 45.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST SP 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-58281 is a remote code execution vulnerability in Dotclear 2.29, a PHP-based blogging platform. The flaw lies in the media upload functionality, which does not restrict the type of file an authenticated user may upload and so accepts PHP source files. An attacker who uploads a PHP web shell (a script that takes a command from a form field and executes it) and then requests that file through the web server gets it run by the PHP interpreter, which amounts to arbitrary code execution on the host.

Only low privileges are needed: the CVSS v3.1 base score is 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Any authenticated account with media upload rights, such as a low-level contributor or editor, can exploit it over the network with low attack complexity and no user interaction. Successful exploitation yields high impact on confidentiality, integrity and availability, enabling full system access through the uploaded and executed PHP shell (CWE-434: Unrestricted Upload of File with Dangerous Type).

Advisories from VulnCheck document the remote code execution via authenticated file upload, and Exploit-DB hosts a public exploit (ID 52037). Dotclear's source repositories (its own Git hosting and GitHub) provide the code, potentially including a fix in the master branch.

A working exploit is publicly available, so unpatched Dotclear 2.29 installations are exposed to real-world abuse.


Vulnerability details

Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.

CWE(s)

CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability enables remote code execution via unrestricted, authenticated upload of malicious PHP shells to a public-facing web application, which maps directly to T1190 (Exploit Public-Facing Application) for the initial foothold and T1505.003 (Web Shell) for the persistence the uploaded shell provides.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
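As an added example (not from this page or from the Dotclear project) of the T1505.003 side of this advisory, the script below hunts for web shells that an upload of this kind would leave behind in a media tree: it flags server-executable extensions anywhere in a file name, per-directory server config files that do not belong in an upload tree, and PHP open tags combined with command-execution or eval primitives inside file content. The directory layout, file names and file contents created in demo() are constructed samples, and the extension list assumes a typical Apache/PHP handler configuration.

```python
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Extensions the web server's PHP handler would execute (assumption: a typical
# Apache/PHP configuration; match it to the handler list of the real host).
SERVER_EXECUTABLE = {
    ".php", ".php3", ".php4", ".php5", ".php7", ".php8", ".phtml", ".pht", ".phps", ".phar",
}
# Per-directory server config that has no business in an upload tree.
CONFIG_FILES = {".htaccess", ".user.ini"}

PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)
# Primitives a command-execution shell needs; only consulted after a PHP open
# tag was seen in the same file, which keeps plain-text false positives down.
DANGEROUS_CALLS = re.compile(
    rb"\b(?:system|passthru|shell_exec|exec|popen|proc_open|eval|assert|base64_decode)\s*\(",
    re.IGNORECASE,
)


def scan_file(path: Path, max_bytes: int = 1 << 20) -> list[str]:
    """Return the list of indicators found for one file (empty list = clean)."""
    findings: list[str] = []
    if path.name.lower() in CONFIG_FILES:
        findings.append("server config file in media tree")
    # All suffixes are inspected, so "notes.php.txt" is flagged as well:
    # an Apache AddHandler setup can execute it despite the .txt ending.
    if any(s.lower() in SERVER_EXECUTABLE for s in path.suffixes):
        findings.append("server-executable extension")
    try:
        with path.open("rb") as fh:
            head = fh.read(max_bytes)
    except OSError:
        return findings
    if PHP_TAG.search(head):
        findings.append("PHP open tag in content")
        if DANGEROUS_CALLS.search(head):
            findings.append("command-execution or eval primitive")
    return findings


def hunt_webshells(media_root: str) -> dict[str, list[str]]:
    """Walk a media tree; map each suspicious file (POSIX-style relative path) to its indicators."""
    root = Path(media_root)
    results: dict[str, list[str]] = {}
    for path in root.rglob("*"):
        if path.is_file():
            indicators = scan_file(path)
            if indicators:
                results[path.relative_to(root).as_posix()] = indicators
    return results


def demo() -> dict[str, list[str]]:
    """Run the hunt over a constructed sample tree (fabricated files, not real data)."""
    samples = {
        "2025/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,                                # benign image
        "2025/shell.php": b"<?php system($_REQUEST['cmd']); ?>",                             # command shell
        "2025/avatar.jpg": b"\xff\xd8\xff\xe0<?php eval(base64_decode($_POST['x'])); ?>",   # polyglot
        "2025/.htaccess": b"AddType application/x-httpd-php .jpg\n",                         # handler override
        "2025/notes.php.txt": b"plain text",                                                 # double extension
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return hunt_webshells(root)


if __name__ == "__main__":
    for rel_path, indicators in sorted(demo().items()):
        print(rel_path, "->", ", ".join(indicators))
```

Point hunt_webshells() at the blog's media directory on a suspect host; files are read up to 1 MiB so a large image library scans quickly, and a hit on "server-executable extension" in an upload tree is worth triage on its own, even before the content indicators are considered.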

CVEs Like This One

CVE-2023-53952 (same product: Dotclear)
CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)

Affected Assets

Vendor: dotclear
Product: dotclear
Version: 2.29

Mitigating Controls

Mitigating Controls (NIST SP 800-53 r5)

prevent: SI-2 Flaw Remediation. Directly remediates the unrestricted PHP file upload flaw in the Dotclear 2.29 media functionality, removing the path to remote code execution.

prevent: SI-10 Information Input Validation. Validates inputs to the media upload process so that malicious PHP shells and other dangerous file content are detected and rejected before processing.

prevent: file-type restriction. Enforces an allowlist of media upload file types so that server-executable files such as PHP scripts, the type abused in this vulnerability, are blocked.
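The following added example (not Dotclear's code, and not taken from this page) shows what the input-validation and file-type-restriction controls above, and the unrestricted upload described under Deeper analysis, amount to in practice for an upload handler: an allowlist of media extensions checked against magic bytes, refusal of every server-executable extension wherever it appears in the name (shell.php.jpg, shell.php.), refusal of dotfiles and server config names, a scan for embedded PHP tags in otherwise valid images, and a server-chosen storage name. The extension and magic-byte tables are assumptions about a typical Apache/PHP deployment, and the inputs exercised in the test are constructed.

```python
from __future__ import annotations

import os
import re
import secrets

# Extensions a typical Apache/PHP stack hands to an interpreter (assumption:
# default handler configuration; adjust to the real server's handler list).
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "php8", "phtml", "pht", "phps",
    "phar", "shtml", "cgi", "pl", "py", "jsp", "asp", "aspx",
}
# Files that change how the web server treats the directory they land in.
CONFIG_NAMES = {".htaccess", ".user.ini", "web.config"}

# Allowlist: media extension -> accepted magic-byte prefixes. Anything not
# listed here is rejected, whatever the client-supplied Content-Type says.
ALLOWED_MEDIA = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# A PHP open tag inside an otherwise valid image marks a polyglot that becomes
# a shell if the server is ever tricked into executing it (short_open_tag is
# assumed off, so only "<?php" and "<?=" are searched for).
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)


def validate_media_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one upload; everything not allowlisted is refused."""
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base or base.startswith(".") or base.lower() in CONFIG_NAMES:
        return False, "suspicious filename"
    # Trailing dots/spaces are dropped by some filesystems, so "shell.php."
    # is treated as "shell.php" before the extension segments are examined.
    parts = base.lower().rstrip(". ").split(".")
    if len(parts) < 2:
        return False, "no extension"
    # Every segment after the stem is checked, so "shell.php.jpg" is refused too.
    for seg in parts[1:]:
        if seg in EXECUTABLE_EXTENSIONS:
            return False, f"executable extension .{seg}"
    ext = parts[-1]
    if ext not in ALLOWED_MEDIA:
        return False, f"extension .{ext} not allowed"
    if not any(content.startswith(magic) for magic in ALLOWED_MEDIA[ext]):
        return False, "content does not match declared type"
    if PHP_TAG.search(content):
        return False, "embedded PHP tag"
    return True, "ok"


def safe_storage_name(filename: str) -> str:
    """Server-chosen name for an accepted upload: random stem plus allowlisted extension.

    The client never controls the stored stem or path, which keeps path traversal
    and config-file overwrites out of the upload step as well.
    """
    ext = os.path.basename(filename).lower().rstrip(". ").rsplit(".", 1)[-1]
    if ext not in ALLOWED_MEDIA:
        raise ValueError(f"refusing to store unvalidated extension .{ext}")
    return f"{secrets.token_hex(16)}.{ext}"
```

Validation of this kind is the SI-10 side; it is only as strong as the server configuration behind it, so accepted files should also be stored where the PHP handler is disabled (or outside the document root and served through a script), otherwise a single missed extension or handler mapping turns an upload directory back into an execution path.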
