dotcms dotcms vulnerabilities and exploits
CVE-2020-19138 | CVSSv2 10 | Affected: Dotcms Dotcms
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and previous versions allows remote malicious users to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".

CVE-2017-3189 | CVSSv2 9.3 | Affected: Dotcms Dotcms
The "Push Publishing" feature (Enterprise Pro) of the dotCMS administration panel, versions 3.7.1 and previous versions, is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no chec...

CVE-2017-11466 | CVSSv2 9 | Affected: Dotcms Dotcms 4.1.1
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_u...

CVE-2020-6754 | CVSSv2 7.5 | Affected: Dotcms Dotcms
dotCMS prior to 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows a malicious user to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files...

CVE-2017-5344 | CVSSv2 7.5 | Affected: Dotcms Dotcms | References: 1 EDB exploit
An issue exists in dotCMS up to and including 3.6.1. The findChildrenByFilter() function, which is called by the web-accessible path /categoriesServlet, performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a ne...

CVE-2016-2355 | CVSSv2 7.5 | Affected: Dotcms Dotcms | References: 1 Github repository
SQL injection vulnerability in the REST API in dotCMS prior to 3.3.2 allows remote malicious users to execute arbitrary SQL commands via the stName parameter to api/content/save/1.

CVE-2016-8902 | CVSSv2 7.5 | Affected: Dotcms Dotcms
SQL injection vulnerability in the categoriesServlet servlet in dotCMS prior to 3.3.1 allows remote unauthenticated malicious users to execute arbitrary SQL commands via the sort parameter.

CVE-2008-7220 | CVSSv2 7.5 | Affected: Prototypejs Prototype; Debian Debian Linux 5.0; Debian Debian Linux 6.0 | References: 2 Github repositories
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) prior to 1.6.0.2 allows malicious users to make "cross-site ajax requests" via unknown vectors.

CVE-2022-26352 | CVSSv2 6.8 | Affected: Dotcms Dotcms
An issue exists in the ContentResource API in dotCMS 3.0 up to and including 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage l...

CVE-2017-3187 | CVSSv2 6.8 | Affected: Dotcms Dotcms
The dotCMS administration panel, versions 3.7.1 and previous versions, is vulnerable to cross-site request forgery (CSRF). An attacker can perform actions with the same permissions as a victim us...