518 matches found
dotCMS < 3.6.2 SQLi Vulnerability
dotCMS is prone to a blind SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms"; if...
dotCMS H2 Database RCE Vulnerability - Active Check
dotCMS is prone to a remote code execution (RCE) vulnerability if used with the default H2 database.
dotCMS 3.6.1 Blind Boolean SQL Injection Vulnerability
Exploit for php platform in category web applications. Blind Boolean SQL Injection in dotCMS <= 3.6.1 (CVE-2017-5344). Product Description: dotCMS is a scalable, java based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission based content...
CVE-2017-5344
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil...
Sql injection
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil...
CVE-2017-5344
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil...
CVE-2017-5344
dotCMS up to version 3.6.1 is vulnerable to blind boolean SQL injection via the /categoriesServlet path (parameters q and inode). The issue stems from findChildrenByFilter() performing string interpolation and direct SQL, with SQLUtil escaping and a keyword blacklist introduced as remediation for...
CVE-2017-5344
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil...
dotCMS Blind Boolean SQL Injection in dotCMS <= 3.6.1 (CVE-2017-5344)
Product Description: dotCMS is a scalable, java based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission based content experiences across multiple channels. dotCMS can serve as the platform for sites, mobile apps, mini-sites, portals,...
dotCMS 3.6.1 - Blind Boolean SQL Injection
Blind Boolean SQL Injection in dotCMS <= 3.6.1 (CVE-2017-5344). Product Description: dotCMS is a scalable, java based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission based content experiences across multiple channels. dotCMS can serv...
DotCMS SQL Injection Vulnerability (CNVD-2017-01933)
DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build. A SQL injection vulnerability exists in categoriesServlet in DotCMS versions prior to 3.6.1. A remote attacker can explo...
dotCMS 3.6.1 - Blind Boolean SQL Injection
Blind Boolean SQL Injection in dotCMS <= 3.6.1 (CVE-2017-5344). Product Description: dotCMS is a scalable, java based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission based content experience...
dotCMS 3.6.1 Blind Boolean SQL Injection
Blind Boolean SQL Injection in dotCMS <= 3.6.1 (CVE-2017-5344). Product Description: dotCMS is a scalable, java based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission based content experiences across multiple channels. dotCMS can serve as...
dotCMS cross-site scripting vulnerability (CNVD-2017-01337)
dotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A cross-site scripting vulnerability exists in dotCMS version 3.7.0. A remote attacker can exploit this...
dotCMS cross-site scripting vulnerability (CNVD-2017-01336)
dotCMS is a content management system (CMS) from the US company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A cross-site scripting vulnerability exists in dotCMS version 3.7.0. An attacker can exploit this vulnerability to...
dotCMS cross-site scripting vulnerability (CNVD-2017-01338)
dotCMS is a content management system (CMS) from the US company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A cross-site scripting vulnerability exists in dotCMS version 3.7.0. An attacker can exploit this vulnerability to...
dotCMS <= 3.7.0 Multiple XSS Vulnerabilities
dotCMS is prone to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2017-5875
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter...
CVE-2017-5876
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter...
CVE-2017-5877
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter...