Vulnerabilities > Dotclear > Dotclear > 1.2.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-06 | CVE-2006-2866 | Remote File Include vulnerability in DotClear Prepend.PHP PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5. | 5.1 |
2005-12-02 | CVE-2005-3963 | SQL Injection vulnerability in Dotclear 1.2.1/1.2.2 SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie. | 7.5 |