Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-17	CVE-2022-26352	Unspecified vulnerability in Dotcms An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. network low complexity dotcms critical	9.8
2021-09-08	CVE-2020-19138	Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". network low complexity dotcms CWE-434 critical	9.8
2020-02-05	CVE-2020-6754	Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. network low complexity dotcms CWE-434 critical	9.8
2017-02-17	CVE-2017-5344	SQL Injection vulnerability in Dotcms An issue was discovered in dotCMS through 3.6.1. network low complexity dotcms CWE-89 critical	9.8
2016-12-19	CVE-2016-2355	SQL Injection vulnerability in Dotcms SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. network low complexity dotcms CWE-89 critical	9.8
2016-11-14	CVE-2016-8902	SQL Injection vulnerability in Dotcms SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. network low complexity dotcms CWE-89 critical	9.8