Vulnerabilities - Acunetix

Vulnerability Name	CVE CWE	CWE	Severity
Dotclear Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3783)	CVE-2014-3783 CWE-138	CWE-138	Medium
Dotclear Other Vulnerability (CVE-2005-3957)	CVE-2005-3957		Critical
Dotclear Other Vulnerability (CVE-2005-3963)	CVE-2005-3963		High
Dotclear Other Vulnerability (CVE-2006-2866)	CVE-2006-2866		Medium
Dotclear Other Vulnerability (CVE-2006-3938)	CVE-2006-3938		Medium
Dotclear Other Vulnerability (CVE-2007-1989)	CVE-2007-1989		Medium
Dotclear Other Vulnerability (CVE-2007-3672)	CVE-2007-3672		Medium
Dotclear Other Vulnerability (CVE-2007-3688)	CVE-2007-3688		Low
Dotclear Other Vulnerability (CVE-2014-3782)	CVE-2014-3782		Medium
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1584)	CVE-2011-1584 CWE-264	CWE-264	Medium
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083)	CVE-2011-5083 CWE-264	CWE-264	High
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7903)	CVE-2016-7903 CWE-264	CWE-264	Low
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-7902)	CVE-2016-7902 CWE-434	CWE-434	High
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9268)	CVE-2016-9268 CWE-434	CWE-434	High
Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)	CVE-2017-3187 CWE-352	CWE-352	High
Dot CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3688)	CVE-2016-3688 CWE-200	CWE-200	Medium
Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3708)	CVE-2008-3708 CWE-22	CWE-22	Medium
Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-3972)	CVE-2016-3972 CWE-22	CWE-22	Low
Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-3188)	CVE-2017-3188 CWE-22	CWE-22	Medium
Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-12309)	CVE-2019-12309 CWE-22	CWE-22	Medium
Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-6754)	CVE-2020-6754 CWE-22	CWE-22	Critical
Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-45783)	CVE-2022-45783 CWE-22	CWE-22	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2397)	CVE-2008-2397 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3484)	CVE-2013-3484 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-3971)	CVE-2016-3971 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5875)	CVE-2017-5875 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5876)	CVE-2017-5876 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5877)	CVE-2017-5877 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6003)	CVE-2017-6003 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-15219)	CVE-2017-15219 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16980)	CVE-2018-16980 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19554)	CVE-2018-19554 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11846)	CVE-2019-11846 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17542)	CVE-2020-17542 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35274)	CVE-2020-35274 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35358)	CVE-2021-35358 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35360)	CVE-2021-35360 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35361)	CVE-2021-35361 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35740)	CVE-2022-35740 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37431)	CVE-2022-37431 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3042)	CVE-2023-3042 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-3938)	CVE-2024-3938 CWE-707	CWE-707	Medium
Dot CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-18875)	CVE-2020-18875 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2355)	CVE-2016-2355 CWE-138	CWE-138	Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-4040)	CVE-2016-4040 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902)	CVE-2016-8902 CWE-138	CWE-138	Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8903)	CVE-2016-8903 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8904)	CVE-2016-8904 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8905)	CVE-2016-8905 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8906)	CVE-2016-8906 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8907)	CVE-2016-8907 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8908)	CVE-2016-8908 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10007)	CVE-2016-10007 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10008)	CVE-2016-10008 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5344)	CVE-2017-5344 CWE-138	CWE-138	Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)	CVE-2019-12872 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)	CVE-2020-27848 CWE-138	CWE-138	High
Dot CMS Other Vulnerability (CVE-2016-4803)	CVE-2016-4803		High
Dot CMS Other Vulnerability (CVE-2022-26352)	CVE-2022-26352		Critical
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1826)	CVE-2012-1826 CWE-264	CWE-264	Medium
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)	CVE-2016-8600 CWE-264	CWE-264	High
Dot CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-37033)	CVE-2022-37033 CWE-918	CWE-918	Medium
Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)	CVE-2022-37034 CWE-674	CWE-674	Medium
DotCMS unrestricted file upload (CVE-2022-26352)	CVE-2022-26352 CWE-434	CWE-434	High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)	CVE-2017-3189 CWE-434	CWE-434	High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-11466)	CVE-2017-11466 CWE-434	CWE-434	High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)	CVE-2020-19138 CWE-434	CWE-434	Critical
Dot CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-17422)	CVE-2018-17422 CWE-601	CWE-601	Medium
Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)	CVE-2022-45782 CWE-338	CWE-338	High
Dotenv .env file	CWE-538	CWE-538	High
DotNetNuke multiple vulnerabilities	CVE-2012-1030 CWE-79	CWE-79	High
Dragonfly Arbitrary File Read/Write (CVE-2021-33564)	CVE-2021-33564 CWE-20	CWE-20	High
Drupal 7 arbitrary PHP code execution and information disclosure	CVE-2012-4553 CVE-2012-4554 CWE-264	CWE-264	High
Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)	CVE-2016-3163		High
Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)	CVE-2016-3168		Medium

Dotclear Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3783)

CVE-2014-3783

CWE-138

Medium

Dotclear Other Vulnerability (CVE-2005-3957)

CVE-2005-3957

Critical

Dotclear Other Vulnerability (CVE-2005-3963)

CVE-2005-3963

High

Dotclear Other Vulnerability (CVE-2006-2866)

CVE-2006-2866

Medium

Dotclear Other Vulnerability (CVE-2006-3938)

CVE-2006-3938

Medium

Dotclear Other Vulnerability (CVE-2007-1989)

CVE-2007-1989

Medium

Dotclear Other Vulnerability (CVE-2007-3672)

CVE-2007-3672

Medium

Dotclear Other Vulnerability (CVE-2007-3688)

CVE-2007-3688

Low

Dotclear Other Vulnerability (CVE-2014-3782)

CVE-2014-3782

Medium

Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1584)

CVE-2011-1584

CWE-264

Medium

Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083)

CVE-2011-5083

CWE-264

High

Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7903)

CVE-2016-7903

CWE-264

Low

Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-7902)

CVE-2016-7902

CWE-434

High

Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9268)

CVE-2016-9268

CWE-434

High

Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)

CVE-2017-3187

CWE-352

High

Dot CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3688)

CVE-2016-3688

CWE-200

Medium

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3708)

CVE-2008-3708

CWE-22

Medium

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-3972)

CVE-2016-3972

CWE-22

Low

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-3188)

CVE-2017-3188

CWE-22

Medium

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-12309)

CVE-2019-12309

CWE-22

Medium

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-6754)

CVE-2020-6754

CWE-22

Critical

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-45783)

CVE-2022-45783

CWE-22

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2397)

CVE-2008-2397

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3484)

CVE-2013-3484

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-3971)

CVE-2016-3971

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5875)

CVE-2017-5875

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5876)

CVE-2017-5876

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5877)

CVE-2017-5877

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6003)

CVE-2017-6003

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-15219)

CVE-2017-15219

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16980)

CVE-2018-16980

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19554)

CVE-2018-19554

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11846)

CVE-2019-11846

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17542)

CVE-2020-17542

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35274)

CVE-2020-35274

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35358)

CVE-2021-35358

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35360)

CVE-2021-35360

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35361)

CVE-2021-35361

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35740)

CVE-2022-35740

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37431)

CVE-2022-37431

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3042)

CVE-2023-3042

CWE-707

Medium

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-3938)

CVE-2024-3938

CWE-707

Medium

Dot CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-18875)

CVE-2020-18875

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2355)

CVE-2016-2355

CWE-138

Critical

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-4040)

CVE-2016-4040

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902)

CVE-2016-8902

CWE-138

Critical

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8903)

CVE-2016-8903

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8904)

CVE-2016-8904

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8905)

CVE-2016-8905

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8906)

CVE-2016-8906

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8907)

CVE-2016-8907

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8908)

CVE-2016-8908

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10007)

CVE-2016-10007

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10008)

CVE-2016-10008

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5344)

CVE-2017-5344

CWE-138

Critical

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)

CVE-2019-12872

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)

CVE-2020-27848

CWE-138

High

Dot CMS Other Vulnerability (CVE-2016-4803)

CVE-2016-4803

High

Dot CMS Other Vulnerability (CVE-2022-26352)

CVE-2022-26352

Critical

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1826)

CVE-2012-1826

CWE-264

Medium

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)

CVE-2016-8600

CWE-264

High

Dot CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-37033)

CVE-2022-37033

CWE-918

Medium

Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)

CVE-2022-37034

CWE-674

Medium

DotCMS unrestricted file upload (CVE-2022-26352)

CVE-2022-26352

CWE-434

High

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)

CVE-2017-3189

CWE-434

High

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-11466)

CVE-2017-11466

CWE-434

High

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)

CVE-2020-19138

CWE-434

Critical

Dot CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-17422)

CVE-2018-17422

CWE-601

Medium

Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)

CVE-2022-45782

CWE-338

High

Dotenv .env file

CWE-538

High

DotNetNuke multiple vulnerabilities

CVE-2012-1030

CWE-79

High

Dragonfly Arbitrary File Read/Write (CVE-2021-33564)

CVE-2021-33564

CWE-20

High

Drupal 7 arbitrary PHP code execution and information disclosure

CVE-2012-4553 CVE-2012-4554

CWE-264

High

Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)

CVE-2016-3163

High

Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)

CVE-2016-3168

Medium

Standard & Premium

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities