CVE-2012-1826
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
6.0
Description
dotCMS allows remote authenticated users to execute arbitrary Java code
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | com.dotcms:dotcms | >=1.9,<1.9.5.1 | 1.9.5.1 |
References
- http://dotcms.com/dotCMSVersions/
- http://osvdb.org/82240
- http://secunia.com/advisories/49276
- http://www.kb.cert.org/vuls/id/898083
- http://www.securityfocus.com/bid/53688
- https://gist.github.com/2627440
- https://github.com/dotCMS/dotCMS/issues/261
- https://github.com/dotCMS/dotCMS/issues/281
- https://nvd.nist.gov/vuln/detail/CVE-2012-1826
- https://github.com/dotCMS/dotCMS
- https://web.archive.org/web/20201208044614/https://gist.github.com/jtesser/2627440
- https://web.archive.org/web/20210124000108/https://www.securityfocus.com/bid/53688
- http://dotcms.com/dotCMSVersions
CWEs
CWE-264
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.