CVE-2019-12872

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
18/06/2019
Last modified:
18/06/2019

Description

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* 5.1.6 (excluding)