Dotclear@* Security Vulnerabilities and Issues — Dotclear@* CVE List

Lucene search

DotclearDotclear*

5 matches found

CVE•added 2014/05/22 3:13 p.m.•46 views

CVE-2014-3783

SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.

6CVSS8AI score0.00327EPSS

CVE•added 2014/06/11 2:55 p.m.•39 views

CVE-2014-3781

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.

5.8CVSS7.1AI score0.00447EPSS

CVE•added 2014/06/11 2:55 p.m.•38 views

CVE-2014-3782

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extens...

6CVSS7.4AI score0.00829EPSS

CVE•added 2014/09/22 1:55 a.m.•35 views

CVE-2014-5316

Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.

4.3CVSS5.7AI score0.00309EPSS

CVE•added 2014/05/16 3:55 p.m.•29 views

CVE-2014-1613

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.

7.5CVSS7.8AI score0.0058EPSS