CVE-2017-5344 – dotCMS 3.6.1 - Blind Boolean SQL Injection
https://notcve.org/view.php?id=CVE-2017-5344
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. • https://www.exploit-db.com/exploits/41377 http://dotcms.com/security/SI-39 http://seclists.org/fulldisclosure/2017/Feb/34 http://www.securityfocus.com/bid/96259 https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-5875
https://notcve.org/view.php?id=CVE-2017-5875
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. XSS fue descubierto en dotCMS 3.7.0, con un ataque autenticado contra el parámetro /myAccount addressID. • http://www.securityfocus.com/bid/96115 https://github.com/dotCMS/core/issues/10643 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-5877
https://notcve.org/view.php?id=CVE-2017-5877
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. XSS fue descubierto en dotCMS 3.7.0, con un ataque no autenticado contra el parámetro /about-us/locations/index direction. • http://www.securityfocus.com/bid/96115 https://github.com/dotCMS/core/issues/10643 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-5876
https://notcve.org/view.php?id=CVE-2017-5876
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. XSS fue descubierto en dotCMS 3.7.0, con un ataque no autenticado contra el parámetro /news-events/events date. • http://www.securityfocus.com/bid/96115 https://github.com/dotCMS/core/issues/10643 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2355
https://notcve.org/view.php?id=CVE-2016-2355
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. Vulnerabilidad de inyección SQL en la API REST en dotCMS en versiones anteriores a 3.3.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro stName a api/content/save/1. • http://dotcms.com/security/SI-35 http://www.securityfocus.com/bid/94992 https://github.com/dotCMS/core/issues/8848 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •