CVE-2019-12872

2019-06-1814:15:11

Google

osv.dev

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.0%

JSON

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.

CPENameOperatorVersion
coreeq3.6.0
coreeq3.2.1
coreeq3.5_Preview02
coreeqpre3.5buildrevert
coreeq5.1.5
coreeq3.0
coreeq3.7.1
coreeq3.5_Preview01
coreeq3.6.1
coreeq3.2

Name	Operator	Version
core	eq	3.6.0
core	eq	3.2.1
core	eq	3.5_Preview02
core	eq	pre3.5buildrevert
core	eq	5.1.5
core	eq	3.0
core	eq	3.7.1
core	eq	3.5_Preview01
core	eq	3.6.1
core	eq	3.2

Rows per page:

1-10 of 111

References

dotcms.com/security/SI-53

github.com/dotCMS/core/issues/16624