518 matches found
dotCMS SQL Injection Vulnerability (CNVD-2021-00829)
dotCMS is a powerful content management system (CMS) developed in Java. A SQL injection vulnerability exists in dotCMS versions prior to 20.10.1. An attacker can exploit this vulnerability to conduct SQL injection attacks via the /api/v1/containers orderby parameter...
CVE-2020-27848
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter, and in some cases it is vulnerable to SQL injection attacks. A user mus...
SQL injection
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter, and in some cases it is vulnerable to SQL injection attacks. A user mus...
CVE-2020-27848
CVE-2020-27848 affects dotCMS versions before 20.10.1. The vulnerability is an SQL injection in the REST endpoint /api/v1/containers (orderby parameter) caused by unsanitized orderBy handling in the PaginatorOrdered classes. An authenticated manager is required to exploit. Public sources indicate...
Dotcms dotCMS SQL Injection Vulnerability
dotCMS is a powerful content management system (CMS) developed in Java. A SQL injection vulnerability exists in dotCMS versions prior to 20.10.1. An attacker can exploit this vulnerability to conduct SQL injection attacks via the /api/v1/containers orderby parameter...
CVE-2020-35274
DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and steal cookies using XSS...
Cross-site scripting
DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and steal cookies using XSS...
CVE-2020-35274
DotCMS Add Template with admin panel 20.11 is affected by stored XSS that could let an attacker gain remote privileges and potentially steal cookies. The vulnerability is described as stored XSS in the admin template functionality, enabling a compromise of a website or web application through XSS...
DotCMS Add Template with admin panel Cross-site Scripting Vulnerability
dotCMS is a content management system (CMS) from the American company dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build. DotCMS Add Template with admin panel 20.11 suffers from a cross-site scripting vulnerability that allows...
DotCMS 20.11 Cross Site Scripting
Exploit Title: DotCMS 20.11 - Stored Cross-Site Scripting Exploit Author: Hardik Solanki Vendor Homepage: https://dotcms.com/ Version: 20.11 Tested on Windows 10 Vulnerable Parameters: Template Title Steps to reproduce: 1. Login With Admin Username and password. 2. Navigate to Site -- Template --...
DotCMS 20.11 - Stored Cross-Site Scripting
Exploit Title: DotCMS 20.11 - Stored Cross-Site Scripting Exploit Author: Hardik Solanki Vendor Homepage: https://dotcms.com/ Version: 20.11 Tested on Windows 10 Vulnerable Parameters: Template Title Steps to reproduce: 1. Login With Admin Username and password. 2. Navigate to Site -- Template --...
dotCMS CMSFilter Authentication Bypass (CVE-2020-6754)
An access control weakness exists in the dotCMS content management system. The vulnerability is due to insufficient path validation in the CMSFilter class...
dotCMS code problem vulnerability
dotCMS is a content management system (CMS) from the US company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A code issue vulnerability exists in dotCMS versions prior to 5.2.4 that stems from faulty access control. An...
CVE-2020-6754
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCATHOME/webapps/ROOT/assets, which should be a protected directory. Additionally, attackers can upload temporary files (e.g., .jsp files) into...
Directory traversal
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCATHOME/webapps/ROOT/assets, which should be a protected directory. Additionally, attackers can upload temporary files (e.g., .jsp files) into...