4 matches found
[KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability
Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and probably prior versions. -...
CVE-2014-3783
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter...
CVE-2014-3783
Dotclear 2.6.2 and earlier suffer an SQL injection in admin/categories.php via the categories_order POST parameter. The vulnerability arises because input from $_POST['categories_order'] is not properly sanitized before being passed to dcBlog::updCategoryPosition, which calls nestedTree::updatePo...
Dotclear 2.6.2 SQL Injection
Dotclear item_id 76. $core->blog->updCategoryPosition($category->item_id, $category->left, $category->right); 77. 78. 79. 80. dcPage::addSuccessNotice('Categories have been successfully reordered.'); 81. http::redirect('categories.php'); 82. User...