Vulnerabilities > Dotclear > High

Date: 2014-05-16
CVE: CVE-2014-1613
Vulnerability title: Code Injection vulnerability in Dotclear
Description: Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.
Risk: 7.5 (network, low complexity)
Vendor: dotclear
CWE: CWE-94

Date: 2012-03-19
CVE: CVE-2011-5083
Vulnerability title: Permissions, Privileges, and Access Controls vulnerability in Dotclear 2.3.1/2.4.2
Description: Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Risk: 7.5 (network, low complexity)
Vendor: dotclear
CWE: CWE-264

Date: 2005-12-02
CVE: CVE-2005-3963
Vulnerability title: SQL Injection vulnerability in Dotclear 1.2.1/1.2.2
Description: SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.
Risk: 7.5 (network, low complexity)
Vendor: dotclear