Vulnerability CVE-2014-3783


Published: 2014-05-22

Description:
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Dotclear <= 2.6.2 (categories.php) SQL Injection
Egidio Romano
22.05.2014

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: Dotclear
Product: Dotclear 
Version:
2.6.2
2.6.1
2.6
2.5.3
2.5.2
2.5.1
2.5.0
2.4.4
2.4.3
2.4.2
2.3.1
2.3.0
2.2.3
2.2.2
2.2.1
2.2
2.1.7
2.1.6
2.1.5
2.1.4
2.1.3
2.1.1
2.1
2.0.2
2.0.1
2.0
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
http://karmainsecurity.com/KIS-2014-07
http://packetstormsecurity.com/files/126768/Dotclear-2.6.2-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/May/109
http://www.securityfocus.com/archive/1/532185/100/0/threaded

Related CVE
CVE-2018-16358
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
CVE-2018-5690
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
CVE-2018-5689
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
CVE-2017-6446
XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
CVE-2015-8831
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.
CVE-2015-8832
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP...
CVE-2016-7903
Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
CVE-2016-7902
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafte...

Copyright 2019, cxsecurity.com

 

Back to Top