Description

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.

Remediation

References

CVE-2014-1613

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-3544)

MySQL CVE-2017-3243 Vulnerability (CVE-2017-3243)

WordPress Plugin WP Gravity Forms Insightly Cross-Site Scripting (1.0.6)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.19)

Oracle Database Server CVE-2018-2680 Vulnerability (CVE-2018-2680)

Severity

High

Classification

CVE-2014-1613 CWE-94

Tags

Missing Update Known Vulnerabilities