Description
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-6559 Vulnerability (CVE-2014-6559)
Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027)
WordPress Plugin Background Music Cross-Site Scripting (1.0)
WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)
WordPress Plugin Login rebuilder Cross-Site Request Forgery (1.1.3)