SQL Injection Vulnerability in dotCMS by dotCMS
CVE-2017-5344

9.8CRITICAL

Key Information:

Vendor

Dotcms

Status
Dotcms
Vendor
CVE Published:
17 February 2017

What is CVE-2017-5344?

An SQL Injection vulnerability exists in dotCMS versions up to 3.6.1 via the /categoriesServlet path. This issue arises from the findChildrenByFilter() function, which allows for string interpolation and direct execution of SQL queries. Although mitigation measures like SQL quote escaping and a keyword blacklist were introduced to address prior vulnerabilities, these protections can be bypassed through specific parameters (q and inode). This oversight allows attackers to exploit the /categoriesServlet remotely, without authentication, potentially leading to exposure of sensitive information through various blind boolean SQL injection techniques.

References

http://www.securityfocus.com/bid/96259
vdb-entryx_refsource_BID
https://github.com/xdrr/webapp-exploits/blob/master/vendo...
x_refsource_MISC
http://seclists.org/fulldisclosure/2017/Feb/34
x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.