CNNVD-202509-600 Information
CNNVD ID
CNNVD-202509-600
Related CVE
- CNNVD Published: 2025-09-04
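Description (translated from Chinese)
DotCMS is an open-source content management system written in Java by DotCMS. It is used to manage content and content-driven sites and applications. dotCMS 24.03.22 and later versions contain a security vulnerability that stems from the sites parameter of the /api/v1/contenttype endpoint not being properly sanitized, which may lead to SQL injection attacks.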
Description (English)
DotCMS is an open-source content management system developed by DotCMS in Java. It manages content and content-driven sites and applications. dotCMS 24.03.22 and later versions have a security vulnerability caused by improper sanitization of the sites parameter at the /api/v1/contenttype endpoint, which could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
SQL injection
Affected Vendor
DotCMS
Published
2025-09-04
Last Modified
2026-02-24
References
https://dev.dotcms.com/docs/known-security-issues?issueNumber=SI-73
https://cxsecurity.com/issue/WLB-2025120017
https://www.exploit-db.com/exploits/52431
Patch
https://dev.dotcms.com/docs/known-security-issues?issueNumber=SI-73