Description
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
Remediation
References