Dotcms Security Vulnerabilities
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVSS Score: 8.8
EPSS Score: 0.02
Published: 2016-11-14
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVSS Score: 8.8
EPSS Score: 0.02
Published: 2016-11-14
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
CVSS Score: 8.8
EPSS Score: 0.02
Published: 2016-11-14
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVSS Score: 8.8
EPSS Score: 0.014
Published: 2016-11-14
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVSS Score: 8.8
EPSS Score: 0.014
Published: 2016-11-14
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote unauthenticated attackers to execute arbitrary SQL commands via the sort parameter.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2016-11-14
In dotCMS 3.2.1, an attacker can load a captcha once, fill it in with the correct value, and then reuse that correct value for later forms that perform a captcha check.
CVSS Score: 7.5
EPSS Score: 0.009
Published: 2016-10-28
CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2016-06-30
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
CVSS Score: 7.2
EPSS Score: 0.004
Published: 2016-04-19
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2016-04-19