CVE-2014-3783
NONE EPSS 73.9%
Published May 22, 2014
Last Modified Jun 17, 2026
Description
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
Threat Intelligence
EPSS Exploit Probability
73.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-89 SQL Injection
Affected Products 44
| Vendor | Product | Version | Range |
|---|---|---|---|
| dotclear | dotclear | * | ≤2.6.2 |
| dotclear | dotclear | 1.2.1 | any |
| dotclear | dotclear | 1.2.2 | any |
| dotclear | dotclear | 1.2.3 | any |
| dotclear | dotclear | 1.2.4 | any |
| dotclear | dotclear | 1.2.5 | any |
| dotclear | dotclear | 1.2.6 | any |
| dotclear | dotclear | 1.2.7 | any |
| dotclear | dotclear | 1.2.8 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0 | any |
| dotclear | dotclear | 2.0.1 | any |
| dotclear | dotclear | 2.0.2 | any |
| dotclear | dotclear | 2.1 | any |
| dotclear | dotclear | 2.1.1 | any |
| dotclear | dotclear | 2.1.3 | any |
| dotclear | dotclear | 2.1.4 | any |
| dotclear | dotclear | 2.1.5 | any |
| dotclear | dotclear | 2.1.6 | any |
| dotclear | dotclear | 2.1.7 | any |
| dotclear | dotclear | 2.2 | any |
| dotclear | dotclear | 2.2.1 | any |
| dotclear | dotclear | 2.2.2 | any |
| dotclear | dotclear | 2.2.3 | any |
| dotclear | dotclear | 2.3.0 | any |
| dotclear | dotclear | 2.3.1 | any |
| dotclear | dotclear | 2.4.2 | any |
| dotclear | dotclear | 2.4.3 | any |
| dotclear | dotclear | 2.4.4 | any |
| dotclear | dotclear | 2.5.0 | any |
| dotclear | dotclear | 2.5.1 | any |
| dotclear | dotclear | 2.5.2 | any |
| dotclear | dotclear | 2.5.3 | any |
| dotclear | dotclear | 2.6 | any |
| dotclear | dotclear | 2.6 | any |
| dotclear | dotclear | 2.6.1 | any |
References 5
- dotclear.org http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3
- karmainsecurity.com http://karmainsecurity.com/KIS-2014-07
- packetstormsecurity.com http://packetstormsecurity.com/files/126768/Dotclear-2.6.2-SQL-Injection.html
- seclists.org http://seclists.org/fulldisclosure/2014/May/109
- securityfocus.com http://www.securityfocus.com/archive/1/532185/100/0/threaded
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.