Dotclear

Dotclear

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2012-1039

Exploit
  • EPSS 4.03%
  • Veröffentlicht 19.03.2012 19:55:03
  • Zuletzt bearbeitet 16.06.2026 23:38:53

Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, ...

7.5

CVE-2011-5083

Exploit
  • EPSS 3.3%
  • Veröffentlicht 19.03.2012 18:55:02
  • Zuletzt bearbeitet 16.06.2026 23:35:54

Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in ...

6.5

CVE-2011-1584

Exploit
  • EPSS 1.69%
  • Veröffentlicht 08.06.2011 10:36:13
  • Zuletzt bearbeitet 16.06.2026 23:29:40

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_fi...

4.3

CVE-2009-0933

  • EPSS 1.07%
  • Veröffentlicht 17.03.2009 22:30:00
  • Zuletzt bearbeitet 16.06.2026 23:06:08

Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

9.3

CVE-2008-3232

  • EPSS 4.57%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 16.06.2026 22:55:25

Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the fi...

2.6

CVE-2007-3688

  • EPSS 1.28%
  • Veröffentlicht 11.07.2007 17:30:00
  • Zuletzt bearbeitet 16.06.2026 22:42:31

Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ec...

4.3

CVE-2007-3672

  • EPSS 1.02%
  • Veröffentlicht 10.07.2007 19:30:00
  • Zuletzt bearbeitet 16.06.2026 22:42:30

Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.

4.3

CVE-2007-1989

  • EPSS 2.04%
  • Veröffentlicht 12.04.2007 10:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:41

Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php...

5

CVE-2006-3938

  • EPSS 2.09%
  • Veröffentlicht 31.07.2006 22:04:00
  • Zuletzt bearbeitet 16.06.2026 22:28:07

DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8conv...

5.1

CVE-2006-2866

Exploit
  • EPSS 3.12%
  • Veröffentlicht 06.06.2006 20:06:00
  • Zuletzt bearbeitet 16.06.2026 22:25:56

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.