Description
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.
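A detection-side illustration of the condition described above, added here and not taken from Dotclear or this advisory: it flags requests whose dc_passwd cookie carries a PHP serialized object token. It assumes the Cookie header is captured per request (for example by a proxy or WAF log); the function names and the sample requests are constructed.

```python
import re
from urllib.parse import unquote

# PHP serialize() marks objects as O:<len>:"Class":<n>:{ (C: for Serializable).
OBJECT_TOKEN = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"([^"]+)":\d+:\{')

def cookie_value(header, name="dc_passwd"):
    """Return the raw value of cookie `name` from a Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None

def serialized_classes(value, max_rounds=3):
    """Class names of PHP serialized objects found inside a cookie value."""
    for _ in range(max_rounds):          # undo nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return [m.group(1) for m in OBJECT_TOKEN.finditer(value)]

def scan(requests):
    """Return (client, path, classes) for requests whose dc_passwd holds an object."""
    findings = []
    for client, path, cookie_header in requests:
        value = cookie_value(cookie_header or "")
        classes = serialized_classes(value) if value else []
        if classes:
            findings.append((client, path, classes))
    return findings

# Constructed sample requests (documentation IPs, made-up paths and values).
SAMPLE = [
    # serialized array of scalars only: no object token, not flagged
    ("198.51.100.7", "/post/locked",
     "dc_passwd=a%3A1%3A%7Bi%3A12%3Bs%3A6%3A%22hunter%22%3B%7D"),
    # top-level serialized object
    ("203.0.113.9", "/pages/private",
     "lang=en; dc_passwd=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"),
    # object nested in an array, percent-encoded twice
    ("203.0.113.20", "/post/locked",
     "dc_passwd=a%253A1%253A%257Bi%253A0%253BO%253A7%253A%2522Example"
     "%2522%253A0%253A%257B%257D%257D"),
    ("198.51.100.8", "/post/locked", None),  # no cookie sent
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```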
Remediation
References