CyberSec.Space Logo
Back to CVE Browser

CVE-2005-3963

HIGH
7.5
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile41.98th
PublishedDec 2, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.

Affected Platforms (CPE)

πŸ“¦
Dotclear

Dotclear

= 1.2.1
πŸ“¦
Dotclear

Dotclear

= 1.2.2

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1052.html
πŸ”— http://secunia.com/advisories/17830
πŸ”— http://www.dotclear.net/forum/viewtopic.php?id=13876
πŸ”— http://www.osvdb.org/21333
πŸ”— http://www.securityfocus.com/bid/15667
πŸ”— http://www.vupen.com/english/advisories/2005/2677
πŸ”— http://www.zone-h.org/advisories/read/id=8485
πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1052.html

Related Vulnerabilities

CVE-2005-395710.0

Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.

CVE-2008-32329.3

Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to e...

CVE-2015-88328.8

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated us...

CVE-2016-79028.8

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users ...