CVE-2025-8311P1CRITICALCVSS 9.4ExploitedPoCv24.03.22+2025-09-04
CVE-2025-8311 [CRITICAL] CWE-89 CVE-2025-8311: dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/
dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys.
The vulnerability was triggered via the sites parameter, which was directly concatenated into a SQL query without
nvd