CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19138
https://notcve.org/view.php?id=CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". Una Carga no Restringida de Archivos de Tipo Peligroso en DotCMS versión v5.2.3 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio del componente "/src/main/java/com/dotmarketing/filters/CMSFilter.java" • https://github.com/dotCMS/core/issues/17796 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27848
https://notcve.org/view.php?id=CVE-2020-27848
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability. dotCMS versiones anteriores a 20.10.1, permite una inyección SQL, como es demostrado por el parámetro orderby del archivo arch/api/v1/containers. Las clases PaginatorOrdered que son usadas para paginar los resultados de un endpoint REST no sanean el parámetro orderBy y, en algunos casos, es vulnerable a ataques de inyección SQL. Un usuario debe ser un administrador autenticado en el sistema dotCMS para explotar esta vulnerabilidad. • https://github.com/dotCMS/core/compare/v5.3.8.1...v20.10.1 https://github.com/dotCMS/core/issues/19500 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 17%CPEs: 1EXPL: 2CVE-2020-6754
https://notcve.org/view.php?id=CVE-2020-6754
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). dotCMS versiones anteriores a 5.2.4, es vulnerable a salto de directorio, lo que conlleva a un control de acceso incorrecto. Permite a un atacante leer o ejecutar archivos bajo $TOMCAT_HOME/webapps/ROOT/assets (que debería ser un directorio protegido). Además, los atacantes pueden cargar archivos temporales (por ejemplo, archivos .jsp) en /webapps/ROOT/assets/tmp_upload, lo que puede conllevar a una ejecución de comandos remota (con los permisos del usuario que ejecuta la aplicación dotCMS). • https://dotcms.com/security/SI-54 https://github.com/dotCMS/core/issues/17796 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12872
https://notcve.org/view.php?id=CVE-2019-12872
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp. dotCMS anterior de 5.1.6 es vulnerable a una inyección de SQL que puede ser aprovechada por un atacante del publicador de roles a través de view_unpushed_bundles.jsp. • https://dotcms.com/security/SI-53 https://github.com/dotCMS/core/issues/16624 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11846 – dotCMS 5.1.1 HTML Injection
https://notcve.org/view.php?id=CVE-2019-11846
/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. / servlets / ajax_file_upload? fieldName = binary3 en dotCMS 5.1.1 permite XSS y HTML Injection. dotCMS version 5.1.1 suffers from an html injection vulnerability. • http://packetstormsecurity.com/files/152788/dotCMS-5.1.1-HTML-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •