Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elar lang vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-8902
SQL injection vulnerability in the categoriesServlet servlet in dotCMS prior to 3.3.1 allows remote not authenticated malicious users to execute arbitrary SQL commands via the sort parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8903
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8904
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8905
SQL injection vulnerability in the JSONTags servlet in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8906
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
8.8
CVSSv3
CVE-2016-8907
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS prior to 3.3.1 allows remote authenticated malicious users to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
7.2
CVSSv3
CVE-2016-10008
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
Dotcms Dotcms
7.2
CVSSv3
CVE-2016-4040
SQL injection vulnerability in the Workflow Screen in dotCMS prior to 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
Dotcms Dotcms
7.2
CVSSv3
CVE-2016-10007
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS prior to 3.7.2 and 4.x prior to 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter.
Dotcms Dotcms
7.5
CVSSv3
CVE-2016-4803
CRLF injection vulnerability in the send email functionality in dotCMS prior to 3.3.2 allows remote malicious users to inject arbitrary email headers via CRLF sequences in the subject.
Dotcms Dotcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »