Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotcms dotcms vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2016-3972
Directory traversal vulnerability in the dotTailLogServlet in dotCMS prior to 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
Dotcms Dotcms
6.5
CVSSv2
CVE-2016-4040
SQL injection vulnerability in the Workflow Screen in dotCMS prior to 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
10
CVSSv2
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and previous versions allow remote malicious users to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
Dotcms Dotcms
7.5
CVSSv2
CVE-2016-2355
SQL injection vulnerability in the REST API in dotCMS prior to 3.3.2 allows remote malicious users to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
Dotcms Dotcms
1 Github repository
NA
CVE-2022-45782
An issue exists in dotCMS core 5.3.8.5 up to and including 5.3.8.15 and 21.03 up to and including 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.
Dotcms Dotcms
NA
CVE-2022-45783
An issue exists in dotCMS core 4.x up to and including 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.
Dotcms Dotcms
5
CVSSv2
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS prior to 3.3.2 allows remote malicious users to inject arbitrary email headers via CRLF sequences in the subject.
Dotcms Dotcms
6.8
CVSSv2
CVE-2022-26352
An issue exists in the ContentResource API in dotCMS 3.0 up to and including 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage l...
Dotcms Dotcms
9
CVSSv2
CVE-2017-11466
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_u...
Dotcms Dotcms 4.1.1
5
CVSSv2
CVE-2016-8600
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
Dotcms Dotcms 3.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »