2019-06-18 16:15:11 2019-06-18 18:58:57

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
dotcms 1.9 dotcms 1.9.2.1 dotcms 1.9.5.1 dotcms 2.0 dotcms 2.0.1 dotcms 2.1 dotcms 2.1.1 dotcms 2.2 dotcms 2.2.1 dotcms 2.3 dotcms 2.3.1 dotcms 2.3.2 dotcms 2.5 dotcms 2.5.1 dotcms 2.5.2 dotcms 2.5.3 dotcms 2.5.4 Dotcms Dotcms 3.0 (not an official CPE) Dotcms Dotcms 3.0.1 (not an official CPE) Dotcms Dotcms 3.1 (not an official CPE) Dotcms Dotcms 3.2 (not an official CPE) Dotcms Dotcms 3.2.1 (not an official CPE) Dotcms Dotcms 3.2.2 (not an official CPE) Dotcms Dotcms 3.2.3 (not an official CPE) Dotcms Dotcms 3.2.4 (not an official CPE) Dotcms Dotcms 3.3 (not an official CPE) Dotcms Dotcms 3.3.1 (not an official CPE) Dotcms Dotcms 3.3.2 (not an official CPE) Dotcms Dotcms 3.5 (not an official CPE) Dotcms Dotcms 3.5.1 (not an official CPE) Dotcms Dotcms 3.6.0 (not an official CPE) Dotcms Dotcms 3.6.1 (not an official CPE) Dotcms Dotcms 3.6.2 (not an official CPE) Dotcms Dotcms 3.7.0 (not an official CPE) Dotcms Dotcms 3.7.1 (not an official CPE) Dotcms Dotcms 3.7.2 (not an official CPE) Dotcms Dotcms 4.0.0 (not an official CPE) Dotcms Dotcms 4.0.1 (not an official CPE) Dotcms Dotcms 4.1.0 (not an official CPE) Dotcms Dotcms 4.1.1 (not an official CPE) Dotcms Dotcms 4.2.0 (not an official CPE) Dotcms Dotcms 4.2.1 (not an official CPE) Dotcms Dotcms 4.2.2 (not an official CPE) Dotcms Dotcms 4.2.3 Beta (not an official CPE) Dotcms Dotcms 4.3.0 (not an official CPE) Dotcms Dotcms 4.3.1 (not an official CPE) Dotcms Dotcms 4.3.2 (not an official CPE) Dotcms Dotcms 4.3.3 (not an official CPE) Dotcms Dotcms 4.4.1 (not an official CPE) Dotcms Dotcms 5.0.0 (not an official CPE) Dotcms Dotcms 5.0.1 (not an official CPE) Dotcms Dotcms 5.0.2 (not an official CPE) Dotcms Dotcms 5.0.3 (not an official CPE) Dotcms Dotcms 5.1.0 (not an official CPE) Dotcms Dotcms 5.1.1 (not an official CPE) Dotcms Dotcms 5.1.5 (not an official CPE)