VYPR

dotCMS

by dotCMS

CVEs (57)

  • CVE-2017-5344 · Critical · Feb 17, 2017
    risk 0.67 · cvss 9.8 · epss 0.06

    An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new…

  • CVE-2025-8311 · Critical · Sep 4, 2025
    risk 0.64 · cvss n/a · epss 0.02

    In dotCMS versions 24.03.22 and later, a Boolean-based blind SQLi vulnerability was identified in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the…

  • CVE-2024-4447 · Critical · Jul 26, 2024
    risk 0.64 · cvss 9.9 · epss 0.00

    In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess "Sign In As" powers,…

  • CVE-2016-2355 · Critical · Dec 19, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.

  • CVE-2016-8902 · Critical · Nov 14, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote unauthenticated attackers to execute arbitrary SQL commands via the sort parameter.

  • CVE-2026-8054 · Critical · May 27, 2026
    risk 0.58 · cvss n/a · epss 0.02

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish Audit API endpoints (/api/auditPublishing/get and /api/auditPublishing/getAll) in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read,…

  • CVE-2017-3187 · High · Jul 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    The dotCMS administration panel, versions 3.7.1 and earlier, is vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user,…

  • CVE-2016-8908 · High · Nov 14, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

  • CVE-2016-8907 · High · Nov 14, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

  • CVE-2016-8906 · High · Nov 14, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

  • CVE-2016-8905 · High · Nov 14, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.

  • CVE-2016-8904 · High · Nov 14, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

  • CVE-2016-8903 · High · Nov 14, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

  • CVE-2017-3189 · High · Jul 24, 2018
    risk 0.53 · cvss 8.1 · epss 0.07

    In the dotCMS administration panel, versions 3.7.1 and earlier, the "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files…

  • CVE-2016-8600 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    In dotCMS 3.2.1, an attacker can load a captcha once, fill in its correct value, and that correct value is then accepted by later forms that perform a captcha check.

  • CVE-2016-4803 · High · Jun 30, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

  • CVE-2017-11466 · High · Jul 20, 2017
    risk 0.47 · cvss 7.2 · epss 0.08

    Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to…

  • CVE-2016-4040 · High · Apr 19, 2016
    risk 0.47 · cvss 7.2 · epss 0.01

    SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.

  • CVE-2017-3188 · Medium · Jul 24, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    In the dotCMS administration panel, versions 3.7.1 and earlier, the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly…

  • CVE-2016-3688 · Medium · Apr 19, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.

Page 1 of 3