1
Candidate: CVE-2014-1613
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1613
5
http://dotclear.org/blog/post/2014/01/20/Dotclear-2.6.2
6
https://labs.mwrinfosecurity.com/advisories/2014/05/14/dotclear-php-object-injection/
8
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code
9
via a serialized object in the dc_passwd cookie to a password-protected
10
page, which is not properly handled by (1) inc/public/lib.urlhandlers.php
11
or (2) plugins/pages/_public.php.
16
Discovered-by: Charlie Briggs
20
upstream_dotclear: released (2.6.2)
22
precise_dotclear: ignored (reached end-of-life)
23
precise/esm_dotclear: DNE (precise was needed)
24
saucy_dotclear: ignored (reached end-of-life)
25
trusty_dotclear: not-affected
26
utopic_dotclear: not-affected
27
vivid_dotclear: not-affected
28
vivid/stable-phone-overlay_dotclear: DNE
29
vivid/ubuntu-core_dotclear: DNE
30
wily_dotclear: not-affected
31
xenial_dotclear: not-affected