Description
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
Remediation
References
Related Vulnerabilities
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9276)
Apache Traffic Server Improper Access Control Vulnerability (CVE-2014-3624)
MySQL CVE-2019-2780 Vulnerability (CVE-2019-2780)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-5498)
WordPress Plugin Social Share Button Cross-Site Scripting (2.1)