Summary
This host is installed with Dotclear and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to bypass authentication mechanisms, inject or manipulate SQL queries in the back-end database and attacker can to execute uploaded script with the privileges of the web server.
Impact Level: System/Application
Solution
Upgrade to version 2.6.3 or higher,
For updates refer to http://dotclear.org
Insight
- Flaw in due to 'dcXmlRpc::setUser()' method in 'class.dc.xmlrpc.php' fails to verify passwords before using it.
- Flaw is due to is due to the '/admin/categories.php' script not properly sanitizing user-supplied input to the 'categories_order' POST parameter.
- Flaw is due to is due to 'filemanager::isFileExclude()' method does not properly verify or sanitize user-uploaded files.
Affected
DotClear version before 2.6.3
Detection
Send a crafted HTTP POST request and try to bypass authentication.
References
Severity
Classification
-
CVE CVE-2014-3781, CVE-2014-3782, CVE-2014-3783 -
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- 3Com NBX VoIP NetSet Detection
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- AN Guestbook Local File Inclusion Vulnerability