4 matches found

securityvulns
added 2014/06/14 12:0 a.m., 535 views

[KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability

Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability
- Software Link: http://dotclear.org/
- Affected Versions: Version 2.6.2 and probably prior versions.
- ...

CVSS 6, AI score 0.8, EPSS 0.01665
Exploits 2
UbuntuCve
added 2014/05/22 3:13 p.m., 34 views

CVE-2014-3783

SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter...

CVSS 6, AI score 6.2, EPSS 0.01665
Exploits 2, References 4
CVE
added 2014/05/22 3:0 p.m., 58 views

CVE-2014-3783

Dotclear 2.6.2 and earlier suffer an SQL injection in admin/categories.php via the categories_order POST parameter. The vulnerability arises because input from $_POST['categories_order'] is not properly sanitized before being passed to dcBlog::updCategoryPosition, which calls nestedTree::updatePo...

CVSS 6, AI score 8, EPSS 0.01665
Exploits 2, References 5, Affected Software 1
Packet Storm
added 2014/05/22 12:0 a.m., 46 views

Dotclear 2.6.2 SQL Injection

Dotclear itemid 76. $core-blog-updCategoryPosition$category-itemid, $category-left, $category-right; 77. 78. 79. 80. dcPage::addSuccessNotice'Categories have been successfully reordered.'; 81. http::redirect'categories.php'; 82. User...

CVSS 6, AI score 0.2, EPSS 0.01665
Exploits 2