PT-2012-3571 · Dotcms · Dotcms
Ben Murphy
·
Published
2012-06-08
·
Updated
2022-05-17
·
CVE-2012-1826
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
dotCMS versions 1.9 through 1.9.5.1
Description
The issue allows remote authenticated users to execute arbitrary Java code via crafted templates, specifically (1) XSLT or (2) Velocity templates.
Recommendations
For dotCMS versions 1.9 through 1.9.5.1, update to version 1.9.5.1 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dotcms