514 matches found
CVE-2025-8311
A Boolean-based blind SQLi vulnerability was identified in the /api/v1/contenttype endpoint of dotCMS versions 24.03.22 and after. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
CVE-2025-8311
CVE-2025-8311 affects dotCMS 24.03.22 and later, with a Boolean-based blind SQL injection in GET /api/v1/contenttype where the sites parameter is concatenated into SQL unsafely. An authenticated, low-privilege user could exfiltrate data, escalate privileges, or trigger DoS. Proof-of-concept and i...
DotCMS SQL Injection Vulnerability
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in dotCMS version 24.03.22 and later, which stems from the sites parameter in the /api/v1/contenttype endpoint not bei...
PT-2025-35943
Name of the Vulnerable Software and Affected Versions: dotCMS versions 24.03.22 and after. Description: A Boolean-based blind SQL injection vulnerability exists in the /api/v1/contenttype endpoint. The endpoint utilizes the sites query parameter, which accepts a comma-separated list of site...
VulnCheck KEV: CVE-2025-8311
A Boolean-based blind SQLi vulnerability was identified in the /api/v1/contenttype endpoint of dotCMS versions 24.03.22 and after. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
CVE-2024-3165
System → Maintenance → Log Files in the dotCMS dashboard exposes the username/password for database connections in the log output. Nevertheless, this is a moderate issue, as it requires a backend admin and the databases are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top 1...
CVE-2024-3164
In the dotCMS dashboard, the Tools and Log Files tabs under the System → Maintenance Portlet, which is and always has been an Admin portlet, are accessible to anyone with that portlet and not just to CMS Admins. Users who are site admins but not system admins should not have access to the System...
CVE-2023-3042
In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp, which should return a 404 response b...
CVE-2022-37034
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests...
CVE-2022-37431
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all...
CVE-2022-45783
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution...
CVE-2022-45782
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover...
CVE-2021-35361
A reflected cross-site scripting (XSS) vulnerability in dotAdmin//c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...
CVE-2021-35358
A stored cross-site scripting (XSS) vulnerability in dotAdmin//c/cImages of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters...
CVE-2021-35360
A reflected cross-site scripting (XSS) vulnerability in dotAdmin//c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload...
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allows remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"...
CVE-2020-18875
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files...
CVE-2020-35274
DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and steal cookies using XSS...
CVE-2020-27848
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of REST endpoints do not sanitize the orderBy parameter, and in some cases it is vulnerable to SQL injection attacks. A user mus...