Description
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bulk Add to Cart for WooCommerce Security Bypass (1.2.2)
WordPress Plugin Translate WordPress with GTranslate Cross-Site Scripting (2.8.64)
PrestaShop Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-13461)
e107 Other Vulnerability (CVE-2006-5786)
WordPress Plugin Google Shortlink by BestWebSoft Cross-Site Scripting (1.5.2)