CVE-2012-1826

Severity

60%

Complexity

68%

Confidentiality

106%

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

CVSS 2.0 Base Score 6. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).

Overview

First reported 12 years ago

2012-06-08 16:55:00

Last updated 12 years ago

2012-11-27 04:41:00

Affected Software

dotcms 1.9

1.9

dotcms 1.9.2.1

1.9.2.1

References

http://dotcms.com/dotCMSVersions/

82240

49276

VU#898083

US Government Resource

53688

https://gist.github.com/2627440

https://github.com/dotCMS/dotCMS/issues/261

https://github.com/dotCMS/dotCMS/issues/281

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.