Code injection

2012-06-0816:55:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.2%

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

CPENameOperatorVersion
dotcmseq1.9.2.1
dotcmseq1.9

CPE	Name	Operator	Version
	dotcms	eq	1.9.2.1
	dotcms	eq	1.9

References

dotcms.com/dotCMSVersions/

osvdb.org/82240

secunia.com/advisories/49276

www.kb.cert.org/vuls/id/898083

www.securityfocus.com/bid/53688

gist.github.com/2627440

github.com/dotCMS/dotCMS/issues/261

github.com/dotCMS/dotCMS/issues/281