Gplhost : Security Vulnerabilities, CVEs, CVSS score >= 7
The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
Max CVSS
7.5
EPSS Score
0.16%
Published
2014-03-21
Updated
2014-03-21
The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
Max CVSS
7.5
EPSS Score
0.20%
Published
2014-03-21
Updated
2014-03-24
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
Max CVSS
7.5
EPSS Score
0.45%
Published
2011-03-07
Updated
2017-08-17
SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
Max CVSS
7.5
EPSS Score
0.78%
Published
2009-02-03
Updated
2017-08-08
4 vulnerabilities found