Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown
CVE-2014-5316
Disclosure Date: September 22, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.
0
Attacker Value
Unknown
CVE-2014-3783
Disclosure Date: May 22, 2014 (last updated October 05, 2023)
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
0
Attacker Value
Unknown
CVE-2014-1613
Disclosure Date: May 16, 2014 (last updated October 05, 2023)
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.
0
Attacker Value
Unknown
CVE-2011-5083
Disclosure Date: March 19, 2012 (last updated October 04, 2023)
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory.
0