|Requires Admin Access:|Yes|
|Fix Version:|20.10.1, 5.3.8 LTS|
dotCMS 5.0 through 5.3.9 allows SQL injection by an authenticated user via the system REST API using the endpoint /api/v1/containers. The classes used to paginate the results of some REST requests do not sanitize the orderBy parameter and are, in some cases, vulnerable to SQL injection attacks.
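The pattern behind this advisory, as an added illustration that is not dotCMS's own code: a pagination helper that splices the caller-supplied orderBy value straight into the SQL string, beside a hardened version that accepts only an allowlisted column and sort direction (ORDER BY targets cannot be bound as prepared-statement parameters, so validation is the fix). The class, method, table and column names are assumptions.

```java
import java.util.Set;
import java.util.regex.Pattern;

public class OrderByExample {
    // Constructed allowlist of sortable columns; not dotCMS's real schema.
    private static final Set<String> ALLOWED_COLUMNS = Set.of("title", "mod_date", "identifier");
    private static final Pattern DIRECTION = Pattern.compile("(?i)asc|desc");

    // Vulnerable pattern: caller-controlled orderBy is concatenated verbatim,
    // so anything after the column name becomes part of the query.
    static String buildQueryUnsafe(String orderBy) {
        return "SELECT * FROM container WHERE live = true ORDER BY " + orderBy;
    }

    // Hardened pattern: only "<column>" or "<column> <asc|desc>" is accepted,
    // and the column must come from the allowlist; everything else is rejected.
    static String buildQuerySafe(String orderBy) {
        String[] parts = orderBy.trim().split("\\s+");
        if (parts.length < 1 || parts.length > 2) {
            throw new IllegalArgumentException("orderBy must be '<column> [asc|desc]'");
        }
        String column = parts[0].toLowerCase();
        if (!ALLOWED_COLUMNS.contains(column)) {
            throw new IllegalArgumentException("orderBy column not permitted: " + parts[0]);
        }
        String direction = "ASC";
        if (parts.length == 2) {
            if (!DIRECTION.matcher(parts[1]).matches()) {
                throw new IllegalArgumentException("orderBy direction not permitted: " + parts[1]);
            }
            direction = parts[1].toUpperCase();
        }
        return "SELECT * FROM container WHERE live = true ORDER BY " + column + " " + direction;
    }

    public static void main(String[] args) {
        System.out.println(buildQuerySafe("mod_date desc"));
        // A value that is not a plain column name is refused before it reaches the database.
        try {
            buildQuerySafe("mod_date,(select 1)");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Logging the rejected value (without echoing it back to the client) gives a detection signal for probing of the pagination endpoint.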
A user must be an authenticated manager in the dotCMS system to
An OSGI plugin that mitigates the issue for versions 5.0.3-5.3.9 can be found here:
The plugin is compatible with dotCMS 5.0.3 up to 5.3.9.