Description
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin PWA for WP & AMP Unspecified Vulnerability (1.0.8)
WordPress Insecure Default Initialization of Resource Vulnerability (CVE-2017-5491)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-33331)
TYPO3 Improper Authentication Vulnerability (CVE-2014-3945)
OpenSSL Improper Input Validation Vulnerability (CVE-2008-5077)