Lucene search
MitreCVE-2014-3783HistoryMay 22, 2014 - 3:13 p.m.
CVE-2014-3783
2014-05-2215:13:04
CWE-89
mitre
web.nvd.nist.gov
29
sql injection
dotclear
admin/categories.php
cve-2014-3783
security vulnerability
nvd
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
8
Confidence
Low
EPSS
0.003
Percentile
66.2%
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
Affected configurations
Node
dotcleardotclearRange≤2.6.2
ORdotcleardotclearMatch1.2.1
ORdotcleardotclearMatch1.2.2
ORdotcleardotclearMatch1.2.3
ORdotcleardotclearMatch1.2.4
ORdotcleardotclearMatch1.2.5
ORdotcleardotclearMatch1.2.6
ORdotcleardotclearMatch1.2.7
ORdotcleardotclearMatch1.2.8
ORdotcleardotclearMatch2.0
ORdotcleardotclearMatch2.0beta_2
ORdotcleardotclearMatch2.0beta_3
ORdotcleardotclearMatch2.0beta_4
ORdotcleardotclearMatch2.0beta_5.2
ORdotcleardotclearMatch2.0beta_5.4
ORdotcleardotclearMatch2.0beta_6
ORdotcleardotclearMatch2.0beta_7
ORdotcleardotclearMatch2.0rc1
ORdotcleardotclearMatch2.0rc2
ORdotcleardotclearMatch2.0.1
ORdotcleardotclearMatch2.0.2
ORdotcleardotclearMatch2.1
ORdotcleardotclearMatch2.1.1
ORdotcleardotclearMatch2.1.3
ORdotcleardotclearMatch2.1.4
ORdotcleardotclearMatch2.1.5
ORdotcleardotclearMatch2.1.6
ORdotcleardotclearMatch2.1.7
ORdotcleardotclearMatch2.2
ORdotcleardotclearMatch2.2.1
ORdotcleardotclearMatch2.2.2
ORdotcleardotclearMatch2.2.3
ORdotcleardotclearMatch2.3.0
ORdotcleardotclearMatch2.3.1
ORdotcleardotclearMatch2.4.2
ORdotcleardotclearMatch2.4.3
ORdotcleardotclearMatch2.4.4
ORdotcleardotclearMatch2.5.0
ORdotcleardotclearMatch2.5.1
ORdotcleardotclearMatch2.5.2
ORdotcleardotclearMatch2.5.3
ORdotcleardotclearMatch2.6-
ORdotcleardotclearMatch2.6rc
ORdotcleardotclearMatch2.6.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dotclear | dotclear | * | cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:* |
| dotclear | dotclear | 1.2.1 | cpe:2.3:a:dotclear:dotclear:1.2.1:*:*:*:*:*:*:* |
| dotclear | dotclear | 1.2.2 | cpe:2.3:a:dotclear:dotclear:1.2.2:*:*:*:*:*:*:* |
| dotclear | dotclear | 1.2.3 | cpe:2.3:a:dotclear:dotclear:1.2.3:*:*:*:*:*:*:* |
| dotclear | dotclear | 1.2.4 | cpe:2.3:a:dotclear:dotclear:1.2.4:*:*:*:*:*:*:* |
| dotclear | dotclear | 1.2.5 | cpe:2.3:a:dotclear:dotclear:1.2.5:*:*:*:*:*:*:* |
| dotclear | dotclear | 1.2.6 | cpe:2.3:a:dotclear:dotclear:1.2.6:*:*:*:*:*:*:* |
| dotclear | dotclear | 1.2.7 | cpe:2.3:a:dotclear:dotclear:1.2.7:*:*:*:*:*:*:* |
| dotclear | dotclear | 1.2.8 | cpe:2.3:a:dotclear:dotclear:1.2.8:*:*:*:*:*:*:* |
| dotclear | dotclear | 2.0 | cpe:2.3:a:dotclear:dotclear:2.0:*:*:*:*:*:*:* |
Related
packetstorm
packetstorm
Dotclear 2.6.2 SQL Injection
2014-05-22 00:00:00
securityvulns
securityvulns
ubuntucve
ubuntucve
CVE-2014-3783
2014-05-22 00:00:00
prion
prion
Sql injection
2014-05-22 15:13:00
cvelist
cvelist
CVE-2014-3783
2014-05-22 15:00:00
nvd
nvd
CVE-2014-3783
2014-05-22 15:13:04
openvas
openvas
Dotclear Multiple Vulnerabilities
2014-06-09 00:00:00
zdt
zdt
Dotclear 2.6.2 Multiple Vulnerability
2014-05-25 00:00:00
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
8
Confidence
Low
EPSS
0.003
Percentile
66.2%
Related for CVE-2014-3783