Description
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
Remediation
References
Related Vulnerabilities
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)
WordPress Plugin Custom Dashboard & Login Page-AGCA Multiple Unspecified Vulnerabilities (1.5.4.2)
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.28)
Oracle JRE CVE-2020-2655 Vulnerability (CVE-2020-2655)
PHP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2017-7963)