Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-8903
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8904
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8905
SQL injection vulnerability in the JSONTags servlet in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8906
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8907
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8908
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.1
CVSSv3
CVE-2017-3189
The dotCMS administration panel, versions 3.7.1 and previous versions, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no chec...
Dotcms Dotcms
7.5
CVSSv3
CVE-2016-8600
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
Dotcms Dotcms 3.2.1
7.5
CVSSv3
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS prior to 3.3.2 allows remote malicious users to inject arbitrary email headers via CRLF sequences in the subject.
Dotcms Dotcms
7.2
CVSSv3
CVE-2019-12872
dotCMS prior to 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
Dotcms Dotcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »