Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-45783
An issue exists in dotCMS core 4.x up to and including 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.
Dotcms Dotcms
7.2
CVSSv3
CVE-2016-4040
SQL injection vulnerability in the Workflow Screen in dotCMS prior to 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
7.5
CVSSv3
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS prior to 3.3.2 allows remote malicious users to inject arbitrary email headers via CRLF sequences in the subject.
Dotcms Dotcms
8.8
CVSSv3
CVE-2020-27848
dotCMS prior to 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection ...
Dotcms Dotcms
9.8
CVSSv3
CVE-2017-5344
An issue exists in dotCMS up to and including 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a ne...
Dotcms Dotcms
1 EDB exploit
6.5
CVSSv3
CVE-2017-3188
The dotCMS administration panel, versions 3.7.1 and previous versions, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its con...
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8906
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8908
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
9.8
CVSSv3
CVE-2022-26352
An issue exists in the ContentResource API in dotCMS 3.0 up to and including 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage l...
Dotcms Dotcms
9.8
CVSSv3
CVE-2016-8902
SQL injection vulnerability in the categoriesServlet servlet in dotCMS prior to 3.3.1 allows remote not authenticated malicious users to execute arbitrary SQL commands via the sort parameter.
Dotcms Dotcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »