SQL Injection Vulnerability in Dotclear Affected by Remote User Exploits
CVE-2014-3783

Currently unrated

Key Information:

Vendor

Dotclear

Status
Dotclear
Vendor
CVE Published:
22 May 2014

What is CVE-2014-3783?

A SQL injection vulnerability exists in the admin/categories.php file of Dotclear versions prior to 2.6.3. This issue allows remote authenticated users with permission to manage categories to execute arbitrary SQL commands via the categories_order parameter. This exploit can compromise the integrity and security of the web application, necessitating immediate attention and remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
x_refsource_CONFIRM
http://packetstormsecurity.com/files/126768/Dotclear-2.6....
x_refsource_MISC
http://karmainsecurity.com/KIS-2014-07
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.