12 matches found
EUVD-2025-25804
Malicious code in bioql PyPI...
EUVD-2025-27276
Malicious code in bioql PyPI...
CVE-2025-8311
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
CVE-2025-8311
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
CVE-2025-8311
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
CVE-2025-8311
CVE-2025-8311 affects dotCMS 24.03.22 and later, with a Boolean-based blind SQL injection in GET /api/v1/contenttype where the sites parameter is concatenated into SQL unsafely. An authenticated, low-privilege user could exfiltrate data, escalate privileges, or trigger DoS. Proof-of-concept and i...
CVE-2025-8311
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
VulnCheck KEV: CVE-2025-8311
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...
PT-2025-35943
Name of the Vulnerable Software and Affected Versions: dotCMS versions 24.03.22 and after. Description: A Boolean-based blind SQL injection vulnerability exists in the /api/v1/contenttype endpoint. The endpoint utilizes the sites query parameter, which accepts a comma-separated list of site...
DotCMS SQL injection vulnerability
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in dotCMS version 24.03.22 and later, which stems from the sites parameter in the /api/v1/contenttype endpoint not bei...
U.S. Dept Of Defense: Error-based blind SQL injection
An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...
CVE-2011-5072
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contractaddservice.php; (3) id parameter to editescalationpath.php; (4) unlock, (5) lock...