CVE-2017-5344 in dotCMSinfo

Summary

An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/11/2017

Disclosure

02/17/2017

Moderation

VulDB entry created

Entries

VDB-97078 (1)

CPE

ready

CWE

CWE-89 (Confirmed)

Exploit

Download

CVSS

8.5

EPSS

0.08148

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-5344
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-5344
CVE Details	https://www.cvedetails.com/cve/CVE-2017-5344/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!