Vulnerabilities > Dotcms > Dotcms > 3.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-24 | CVE-2017-3189 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. | 9.3 |
2018-07-24 | CVE-2017-3188 | Path Traversal vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. | 4.0 |
2018-07-24 | CVE-2017-3187 | Cross-Site Request Forgery (CSRF) vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. | 6.8 |
2018-02-19 | CVE-2016-10008 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | 6.5 |
2018-02-19 | CVE-2016-10007 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | 6.5 |
2017-02-17 | CVE-2017-5344 | SQL Injection vulnerability in Dotcms An issue was discovered in dotCMS through 3.6.1. | 7.5 |
2016-12-19 | CVE-2016-2355 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | 7.5 |
2016-06-30 | CVE-2016-4803 | Email Header Injection vulnerability in dotCMS CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. | 5.0 |
2016-04-19 | CVE-2016-4040 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter. | 6.5 |
2016-04-19 | CVE-2016-3688 | Information Exposure vulnerability in Dotcms SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. | 4.0 |