Vulnerabilities > Dotcms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2022-45782 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dotcms An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. | 8.8 |
| 2021-08-18 | CVE-2020-18875 | Injection vulnerability in Dotcms Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. | 8.8 |
| 2020-02-05 | CVE-2020-6754 | Path Traversal vulnerability in Dotcms dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. | 7.5 |
| 2017-02-17 | CVE-2017-5344 | SQL Injection vulnerability in Dotcms An issue was discovered in dotCMS through 3.6.1. | 7.5 |
| 2016-12-19 | CVE-2016-2355 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | 7.5 |
| 2016-11-14 | CVE-2016-8902 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. | 7.5 |