Issues » Authenticated User SQL Injection Vulnerability in api

Issue: SI-56
Date: Oct 30, 2020, 5:15:00 AM
Severity: Medium
Requires Admin Access: Yes
Fix Version: 20.10.1, 5.3.8 LTS
Credit: xiaozhicai (github)

dotCMS 5.0 through 5.3.9 allows SQL injection by an authenticated user via the system REST API using the endpoint /api/v1/containers. The classes that are used to paginate results of some REST requests do not sanitize the orderBy parameter, which in some cases makes them vulnerable to SQL injection attacks.

A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.
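Column names in an ORDER BY clause cannot be passed as bind parameters, so a sort value taken from a request has to be checked against a fixed set before it is placed in the query. The following added example (not dotCMS code and not the project's fix; the class, sort keys, column names and table name are hypothetical) shows an allow-list check for an orderBy value:

```java
import java.util.Locale;
import java.util.Map;

// Added example, not dotCMS code: class, column and table names are hypothetical.
public final class OrderByAllowList {

    // Sort keys a client may send, mapped to the real column names.
    private static final Map<String, String> SORTABLE = Map.of(
            "title", "title",
            "moddate", "mod_date",
            "friendlyname", "friendly_name");

    private static final String DEFAULT_ORDER = "mod_date DESC";

    /** Returns an ORDER BY fragment built only from allow-listed tokens. */
    public static String toOrderByClause(String orderBy) {
        if (orderBy == null || orderBy.isBlank()) {
            return DEFAULT_ORDER;
        }
        String[] parts = orderBy.trim().split("\\s+");
        if (parts.length > 2) {
            throw new IllegalArgumentException("Invalid orderBy");
        }
        String column = SORTABLE.get(parts[0].toLowerCase(Locale.ROOT));
        if (column == null) {
            throw new IllegalArgumentException("Unknown sort field");
        }
        String direction = "ASC";
        if (parts.length == 2) {
            direction = parts[1].toUpperCase(Locale.ROOT);
            if (!direction.equals("ASC") && !direction.equals("DESC")) {
                throw new IllegalArgumentException("Invalid sort direction");
            }
        }
        // Only values from SORTABLE and the two fixed keywords reach the query.
        return column + " " + direction;
    }

    public static void main(String[] args) {
        // Constructed inputs: two ordinary values, then one carrying extra tokens.
        String[] samples = {"title", "modDate desc", "title; select 1"};
        for (String s : samples) {
            try {
                System.out.println("SELECT id, title FROM container_demo ORDER BY "
                        + toOrderByClause(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```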


An OSGi plugin that mitigates the issue for versions 5.0.3-5.3.9 can be found here:

The plugin is compatible with dotCMS 5.0.3 up to 5.3.9.





Github Issue: