SQL Injection Vulnerability in dotCMS before 5.1.6 via view_unpushed_bundles.jsp

SQL Injection Vulnerability in dotCMS before 5.1.6 via view_unpushed_bundles.jsp

CVE-2019-12872 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.