CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2016-10007 – dotCMS SQL Injection
https://notcve.org/view.php?id=CVE-2016-10007
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. Vulnerabilidad de inyección SQL en la pantalla "Marketing > Forms" en dotCMS en versiones anteriores a la 3.7.2 y 4.x anteriores a la 4.1.1 permite que los administradores autenticados remotos ejecuten comandos SQL arbitrarios mediante el parámetro _EXT_FORM_HANDLER_orderBy. dotCMS versions prior to 4.1.1 suffer from remote SQL injection vulnerabilities. • https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-5344 – dotCMS 3.6.1 - Blind Boolean SQL Injection
https://notcve.org/view.php?id=CVE-2017-5344
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. • https://www.exploit-db.com/exploits/41377 http://dotcms.com/security/SI-39 http://seclists.org/fulldisclosure/2017/Feb/34 http://www.securityfocus.com/bid/96259 https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2355
https://notcve.org/view.php?id=CVE-2016-2355
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. Vulnerabilidad de inyección SQL en la API REST en dotCMS en versiones anteriores a 3.3.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro stName a api/content/save/1. • http://dotcms.com/security/SI-35 http://www.securityfocus.com/bid/94992 https://github.com/dotCMS/core/issues/8848 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8908 – dotCMS 3.x SQL Injection
https://notcve.org/view.php?id=CVE-2016-8908
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. Vulnerabilidad de inyección SQL en la pantalla "Site Browser > HTML pages" en dotCMS en versiones anteriores a 3.3.1 permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro orderby. dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities. • http://seclists.org/fulldisclosure/2016/Nov/0 http://www.securityfocus.com/bid/94311 https://github.com/dotCMS/core/pull/8460 https://github.com/dotCMS/core/pull/8468 https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8905 – dotCMS 3.x SQL Injection
https://notcve.org/view.php?id=CVE-2016-8905
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. Vulnerabilidad de inyección SQL en el servlet JSONTags en dotCMS en versiones anteriores a 3.3.1 permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro sort. dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities. • http://seclists.org/fulldisclosure/2016/Nov/0 http://www.securityfocus.com/bid/94311 https://github.com/dotCMS/core/pull/8460 https://github.com/dotCMS/core/pull/8468 https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •