Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Dotclear Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2014-1613 - Vulnerability Database
Dotclear

Dotclear Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2014-1613

High
Reference: CVE-2014-1613
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-1613
Title: Dotclear Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.