Highly Rated and Recommended
We're rated Excellent 4.2/5 stars on G2 - with 95+ verified reviews
| Issue: |
|
|---|---|
| Date: |
|
| Severity: | Medium |
| Requires Admin Access: | Yes |
| Fix Version: | 5.1.6 |
| Credit: | Johannes Moritz - RIPS TECHNOLOGIES GMBH |
| Description: |
If there are bundles that have not been pushed, it is possible for someone with Publisher permissions to use the view_unpushed_bundles.jsp to inject code into SQL. |
| Mitigation: |
|
| References |
https://github.com/dotCMS/core/issues/16624 |
We're rated Excellent 4.2/5 stars on G2 - with 95+ verified reviews