Description

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.

Remediation

References

CVE-2020-27848

Related Vulnerabilities

WordPress Plugin Check & Log Email Cross-Site Scripting (0.3)

IBMHttpServer Other Vulnerability (CVE-2000-1168)

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions Security Bypass (2.6.2)

IBM WebSEAL Missing Authorization Vulnerability (CVE-2019-4158)

Serendipity Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1916)

Severity

High

Classification

CVE-2020-27848 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities