518 matches found
CVE-2020-6754
CVE-2020-6754 affects dotCMS prior to 5.2.4. The vulnerability is a directory traversal due to insufficient path validation in the CMSFilter, allowing an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets and to upload temporary files (e.g., .jsp) into /webapps/ROOT/assets/t...
CVE-2020-6754
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets, which should be a protected directory. Additionally, attackers can upload temporary files (e.g., .jsp files) into...
Path Traversal
dotCMS is vulnerable to path traversal. A remote, authenticated attacker could exploit the flaw, which is due to insecure extraction of ZIP archives...
dotCMS 5.1.5: Exploiting H2 SQL injection to RCE
Impact: The SQL injection vulnerability can be exploited by an unauthenticated attacker via CSRF or by a user with the Publisher role. An attacker is able to execute stacked SQL queries, which means it is possible to manipulate arbitrary database entries and even execute shell commands when the H2...
dotCMS SQL Injection Vulnerability (CNVD-2019-18732)
dotCMS is a content management system (CMS) from dotCMS of the United States. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features on. A SQL injection vulnerability exists in dotCMS versions prior to 5.1.6. The vulnerability stems from a lack of...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp...
SQL injection
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp...
CVE-2019-12872
dotCMS prior to 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker with the Publisher role via view_unpushed_bundles.jsp. The CNVD note describes the root cause as a lack of validation of externally entered SQL statements in database-based apps. Impact per sources is execution of il...
CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp...
dotCMS 5.1.1 Open Redirection / Cross Site Scripting
Read full vulnerability report @ https://secureli.com/dotcms-v5-1-1-open-redirect-vulnerability/ dotCMS v5.1.1 suffers from an Open Redirect Vulnerability, in addition to many other vulnerabilities that I am still verifying. The following URL is a proof-of-concept that requires a user to be logge...
Path traversal
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...
CVE-2019-12309
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...
CVE-2019-12309
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...
CVE-2019-12309
CVE-2019-12309 concerns dotCMS before 5.1.0, with a path traversal vulnerability caused by insecure ZIP extraction. The issue is exploitable by an administrator to create files on affected systems. Connected sources (RH, Veracode, NVD, OSV, CVE lists) corroborate the same description across multi...
CVE-2019-12309
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...
dotCMS Path Traversal Vulnerability
dotCMS is a content management system (CMS) from dotCMS of the United States. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features on. A path traversal vulnerability exists in dotCMS versions prior to 5.1.0, which stems from a failure of a networked...
Design/Logic Flaw
/servlets/ajaxfileupload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection...
CVE-2019-11846
/servlets/ajaxfileupload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection...
CVE-2019-11846
/servlets/ajaxfileupload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection...