CVE-2016-10008 – dotCMS SQL Injection
https://notcve.org/view.php?id=CVE-2016-10008
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. Vulnerabilidad de inyección SQL en la pantalla "Content Types > Content Types" en dotCMS en versiones anteriores a la 3.7.2 y 4.x anteriores a la 4.1.1 permite que los administradores autenticados remotos ejecuten comandos SQL arbitrarios mediante el parámetro _EXT_STRUCTURE_direction. dotCMS versions prior to 4.1.1 suffer from remote SQL injection vulnerabilities. • https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-10007 – dotCMS SQL Injection
https://notcve.org/view.php?id=CVE-2016-10007
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. Vulnerabilidad de inyección SQL en la pantalla "Marketing > Forms" en dotCMS en versiones anteriores a la 3.7.2 y 4.x anteriores a la 4.1.1 permite que los administradores autenticados remotos ejecuten comandos SQL arbitrarios mediante el parámetro _EXT_FORM_HANDLER_orderBy. dotCMS versions prior to 4.1.1 suffer from remote SQL injection vulnerabilities. • https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-15219
https://notcve.org/view.php?id=CVE-2017-15219
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. La aplicación dotCMS 4.1.1 es vulnerable a Cross-Site Scripting (XSS) persistente, afectando al campo Title de vanity-urls, al campo Description de containers y al campo Description de templates. • https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/dotCMS%20%3E%204.1.1%20-%20Stored%20XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-11466
https://notcve.org/view.php?id=CVE-2017-11466
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. Vulnerabilidad de carga de archivos arbitraria en el archivo com/dotmarketing/servlets/AjaxFileUploadServlet.class en dotCMS versión 4.1.1, permite a los administradores autenticados remotos cargar archivos .jsp en ubicaciones arbitrarias por medio de secuencias de salto de directorio en el parámetro fieldName en servlets/ajax_file_upload. Esto da como resultado la ejecución de código arbitrario mediante la petición del archivo .jsp en un URI /asset. • http://seclists.org/fulldisclosure/2017/Jul/33 https://github.com/dotCMS/core/issues/12131 https://packetstormsecurity.com/files/143383/dotcms411-shell.txt • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2017-6003
https://notcve.org/view.php?id=CVE-2017-6003
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. dotCMS 3.7.0 tiene XSS accesible desde ext/languages_manager/edit_language en portal/layout a través de los dos campos de formulario inferiores. • http://www.securityfocus.com/bid/97089 http://www.yiwang6.cn/dotcms.docx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •