Vulnerabilities > Dotcms > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-02-01 | CVE-2022-45782 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dotcms | An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. | network | low complexity | dotcms | CWE-338 | 8.8 |
| 2021-08-18 | CVE-2020-18875 | Injection vulnerability in Dotcms | Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. | network | low complexity | dotcms | CWE-74 | 8.8 |
| 2020-02-05 | CVE-2020-6754 | Path Traversal vulnerability in Dotcms | dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. | network | low complexity | dotcms | CWE-22 | 7.5 |
| 2017-02-17 | CVE-2017-5344 | SQL Injection vulnerability in Dotcms | An issue was discovered in dotCMS through 3.6.1. | network | low complexity | dotcms | CWE-89 | 7.5 |
| 2016-12-19 | CVE-2016-2355 | SQL Injection vulnerability in Dotcms | SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | network | low complexity | dotcms | CWE-89 | 7.5 |
| 2016-11-14 | CVE-2016-8902 | SQL Injection vulnerability in Dotcms | SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. | network | low complexity | dotcms | CWE-89 | 7.5 |