Incorrect Access Control in DotCMS versions prior to 5.1 allows remote malicious users to gain privileges by injecting client configurations via vtl (velocity) files.
dotcms dotcms