Vulnerabilities > Dotcms > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-17 CVE-2022-26352 Unspecified vulnerability in Dotcms
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02.
network
low complexity
dotcms
critical
9.8
2021-09-08 CVE-2020-19138 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
network
low complexity
dotcms CWE-434
critical
9.8
2020-02-05 CVE-2020-6754 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control.
network
low complexity
dotcms CWE-434
critical
9.8
2017-02-17 CVE-2017-5344 SQL Injection vulnerability in Dotcms
An issue was discovered in dotCMS through 3.6.1.
network
low complexity
dotcms CWE-89
critical
9.8
2016-12-19 CVE-2016-2355 SQL Injection vulnerability in Dotcms
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
network
low complexity
dotcms CWE-89
critical
9.8
2016-11-14 CVE-2016-8902 SQL Injection vulnerability in Dotcms
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.
network
low complexity
dotcms CWE-89
critical
9.8