3 matches found
CVE-2017-5344
dotCMS up to version 3.6.1 is vulnerable to blind boolean SQL injection via the /categoriesServlet path (parameters q and inode). The issue stems from findChildrenByFilter() performing string interpolation and direct SQL, with SQLUtil escaping and a keyword blacklist introduced as remediation for...
CVE-2017-5344
creationtimestamp | type | source
---|---|---
2017-02-16 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41377...
dotCMS 3.6.1 Blind Boolean SQL Injection
Blind Boolean SQL Injection in dotCMS <= 3.6.1 (CVE-2017-5344). Product Description: dotCMS is a scalable, Java-based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission-based content experiences across multiple channels. dotCMS can serve as...