CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-3963

HIGH
7.5
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile41.98th
Published2005年12月2日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.

Affected Platforms (CPE)

📦
Dotclear

Dotclear

= 1.2.1
📦
Dotclear

Dotclear

= 1.2.2

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1052.html
🔗 http://secunia.com/advisories/17830
🔗 http://www.dotclear.net/forum/viewtopic.php?id=13876
🔗 http://www.osvdb.org/21333
🔗 http://www.securityfocus.com/bid/15667
🔗 http://www.vupen.com/english/advisories/2005/2677
🔗 http://www.zone-h.org/advisories/read/id=8485
🔗 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1052.html

関連する脆弱性情報

CVE-2005-395710.0

Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.

CVE-2008-32329.3

Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to e...

CVE-2015-88328.8

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated us...

CVE-2016-79028.8

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users ...