
CVSS: 4.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. • http://dotcms.com/security/SI-34 • http://seclists.org/fulldisclosure/2016/Apr/36 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. dotCMS version 3.3 suffers from a remote SQL injection vulnerability. • http://dotcms.com/security/SI-32 • http://packetstormsecurity.com/files/136548/DotCMS-3.3-SQL-Injection.html • http://seclists.org/fulldisclosure/2016/Apr/11 • http://seclists.org/fulldisclosure/2016/Apr/5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor