CVE-2025-8311
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-11

Assigner: dotCMS LLC

Description
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, which was directly concatenated into a SQL query without proper sanitization. Exploitation allowed an authenticated attacker with low privileges to extract data from database, perform privilege escalation, or trigger denial-of-service conditions. The vulnerability was verified using tools such as SQLMap and confirmed to allow full database exfiltration and potential denial-of-service conditions via crafted payloads. The vulnerability is fixed in the following versions of dotCMS stack: 25.08.14 / 25.07.10-1v2 LTS / 24.12.27v10 LTS / 24.04.24v21 LTS
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-11
Generated
2026-05-27
AI Q&A
2025-09-04
EPSS Evaluated
2026-05-25
NVD
CVE-2025-8311
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dotcms dotcms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Boolean-based blind SQL injection in dotCMS versions 24.03.22 and later, specifically in the /api/v1/contenttype endpoint. It occurs because the 'sites' query parameter is directly concatenated into a SQL query without proper sanitization. An authenticated attacker with low privileges can exploit this to extract data from the database, escalate privileges, or cause denial-of-service conditions.


How can this vulnerability impact me? :

Exploitation of this vulnerability can allow an attacker with low privileges to extract sensitive data from the database, escalate their privileges within the system, or cause denial-of-service conditions, potentially disrupting service availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can be performed by testing the /api/v1/contenttype endpoint's sites parameter for SQL injection vulnerabilities. Tools like SQLMap have been used to verify this vulnerability. You can run a command similar to: sqlmap -u "http://<target>/api/v1/contenttype?sites=1" --cookie="<authentication_cookie>" --technique=B --level=5 --risk=3 to test for Boolean-based blind SQL injection. Ensure you have proper authorization before testing.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading dotCMS to one of the fixed versions: 25.08.14, 25.07.10-1v2 LTS, 24.12.27v10 LTS, or 24.04.24v21 LTS. Additionally, restrict access to the /api/v1/contenttype endpoint to trusted users only, monitor for suspicious activity, and apply web application firewall (WAF) rules to detect and block SQL injection attempts targeting the sites parameter.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart