1 matches found
CVE-2014-1613
Dotclear vulnerable before 2.6.2: a serialized object in the dc_passwd cookie can trigger remote PHP code execution via untrusted handling in inc/public/lib.urlhandlers.php or plugins/pages/_public.php. Affected: Dotclear 2.x