Description

dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.

Remediation

References

CVE-2020-27848

Related Vulnerabilities

WordPress Plugin Bulk Add to Cart for WooCommerce Security Bypass (1.2.2)

WordPress Plugin Translate WordPress with GTranslate Cross-Site Scripting (2.8.64)

PrestaShop Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-13461)

e107 Other Vulnerability (CVE-2006-5786)

WordPress Plugin Google Shortlink by BestWebSoft Cross-Site Scripting (1.5.2)

Severity

High

Classification

CVE-2020-27848 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities