Description
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Remediation
References