Lucene search

[email protected]CVE-2014-1613

HistoryMay 16, 2014 - 3:55 p.m.

CVE-2014-1613

2014-05-1615:55:04

CWE-94

[email protected]

web.nvd.nist.gov

dotclear

cve-2014-1613

remote code execution

php

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.

Affected configurations

NVD

Node

dotcleardotclearRange≤2.6.1

dotcleardotclearMatch2.0

dotcleardotclearMatch2.0beta_2

dotcleardotclearMatch2.0beta_3

dotcleardotclearMatch2.0beta_4

dotcleardotclearMatch2.0beta_5.2

dotcleardotclearMatch2.0beta_5.4

dotcleardotclearMatch2.0beta_6

dotcleardotclearMatch2.0beta_7

dotcleardotclearMatch2.0rc1

dotcleardotclearMatch2.0rc2

dotcleardotclearMatch2.0.1

dotcleardotclearMatch2.0.2

dotcleardotclearMatch2.1

dotcleardotclearMatch2.1.1

dotcleardotclearMatch2.1.3

dotcleardotclearMatch2.1.4

dotcleardotclearMatch2.1.5

dotcleardotclearMatch2.1.6

dotcleardotclearMatch2.1.7

dotcleardotclearMatch2.2

dotcleardotclearMatch2.2.1

dotcleardotclearMatch2.2.2

dotcleardotclearMatch2.2.3

dotcleardotclearMatch2.3.0

dotcleardotclearMatch2.3.1

dotcleardotclearMatch2.4.2

dotcleardotclearMatch2.4.3

dotcleardotclearMatch2.4.4

dotcleardotclearMatch2.5.0

dotcleardotclearMatch2.5.1

dotcleardotclearMatch2.5.2

dotcleardotclearMatch2.5.3

dotcleardotclearMatch2.6-

dotcleardotclearMatch2.6rc

CPENameOperatorVersion
dotclear:dotcleardotclearle2.6.1
dotclear:dotcleardotcleareq2.0
dotclear:dotcleardotcleareq2.0.1
dotclear:dotcleardotcleareq2.0.2
dotclear:dotcleardotcleareq2.1
dotclear:dotcleardotcleareq2.1.1
dotclear:dotcleardotcleareq2.1.3
dotclear:dotcleardotcleareq2.1.4
dotclear:dotcleardotcleareq2.1.5
dotclear:dotcleardotcleareq2.1.6

CPE	Name	Operator	Version
dotclear:dotclear	dotclear	le	2.6.1
dotclear:dotclear	dotclear	eq	2.0
dotclear:dotclear	dotclear	eq	2.0.1
dotclear:dotclear	dotclear	eq	2.0.2
dotclear:dotclear	dotclear	eq	2.1
dotclear:dotclear	dotclear	eq	2.1.1
dotclear:dotclear	dotclear	eq	2.1.3
dotclear:dotclear	dotclear	eq	2.1.4
dotclear:dotclear	dotclear	eq	2.1.5
dotclear:dotclear	dotclear	eq	2.1.6

Rows per page:

1-10 of 251

References

dotclear.org/blog/post/2014/01/20/Dotclear-2.6.2

labs.mwrinfosecurity.com/advisories/2014/05/14/dotclear-php-object-injection/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2014-1613

nvd1 cvelist1 ubuntucve1 prion1