Security Features in dotCMS - CVE-2016-8600
Published: October 28, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40067
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-8600
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: dotCMS LLC
Affected software:
dotCMS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
In dotCMS 3.2.1, an attacker can load a captcha once and solve it correctly; that same correct value is then accepted by later form submissions that perform a captcha check.
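The reuse condition described above, as an added example that is not dotCMS code: a minimal Python model of a captcha answer held in a server-side session, with a check that leaves the answer in place beside one that consumes it on every attempt. The `Session` class and all function names are hypothetical.

```python
import hmac
import secrets


class Session(dict):
    """Constructed stand-in for a server-side HTTP session (assumption)."""


def issue_captcha(session):
    """Create a challenge and keep the expected answer server-side."""
    answer = secrets.token_hex(3)
    session["captcha_answer"] = answer
    return answer  # a real application renders this as an image instead


def _matches(expected, submitted):
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return expected is not None and hmac.compare_digest(
        expected.encode(), submitted.encode()
    )


def check_reusable(session, submitted):
    """Flawed pattern: the stored answer survives a successful check."""
    return _matches(session.get("captcha_answer"), submitted)


def check_single_use(session, submitted):
    """Hardened pattern: consume the answer first, whether it passes or fails."""
    return _matches(session.pop("captcha_answer", None), submitted)


def count_accepted(check, submissions=5):
    """Solve one captcha, then submit the same answer several times."""
    session = Session()
    answer = issue_captcha(session)
    return sum(check(session, answer) for _ in range(submissions))


if __name__ == "__main__":
    print("reusable check accepted:", count_accepted(check_reusable))
    print("single-use check accepted:", count_accepted(check_single_use))
```

Consuming the stored answer before comparing also means a wrong guess forces a fresh challenge, so one issued captcha can never back more than one form submission.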
How to mitigate CVE-2016-8600
Install the update from the vendor's website.