Description

SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.

Remediation

References

CVE-2014-3783

Related Vulnerabilities

WordPress Cross-Site Scripting Vulnerability (0.70 - 4.1.1)

Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2008-3142)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-2397)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174)

WordPress 4.8.x Possible SQL Injection Vulnerability (4.8 - 4.8.2)

Severity

Medium

Classification

CVE-2014-3783 CWE-138

Tags

Missing Update Known Vulnerabilities