Description
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via VTL (Velocity) files.
Remediation
References