| Issue: | |
|---|---|
| Date: | |
| Severity: | Medium |
| Requires Admin Access: | Yes |
| Fix Version: | 20.10.1, 5.3.8 LTS |
| Credit: | xiaozhicai (github) |
| Description: | dotCMS 5.0 through 5.3.9 allows SQL injection by an authenticated user via the system REST API using the endpoint /api/v1/containers. The classes used to paginate the results of some REST requests do not sanitize the orderBy parameter, and in some cases are vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to |
| Mitigation: | An OSGI plugin that mitigates the issue for versions 5.0.3-5.3.9 can be found here: The plugin is compatible with dotCMS 5.0.3 up to 5.3.9. |

References

Report:
CVE:
Github Issue:
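The root cause described above is a paginator that passes a client-supplied orderBy value into SQL without validation. An ORDER BY column cannot be bound as a prepared-statement parameter, so the defensive pattern is an allowlist that maps the sort keys the API accepts to fixed column names and rejects everything else. The following is an added, hypothetical example of that pattern; it is not dotCMS code, not the OSGI plugin referenced in the advisory, and the sort keys and column names it uses are constructed for illustration.

```java
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/**
 * Hypothetical helper (not dotCMS code) showing how a paginator can accept a
 * client-supplied "orderBy" value without splicing untrusted text into SQL.
 */
public final class SafeOrderBy {

    // Allowlist: the only sort keys the API accepts, mapped to real column names.
    // These keys and columns are constructed examples, not dotCMS's schema.
    private static final Map<String, String> SORTABLE_COLUMNS = Map.of(
        "title",   "title",
        "modDate", "mod_date",
        "owner",   "owner"
    );

    private static final Set<String> DIRECTIONS = Set.of("ASC", "DESC");

    private SafeOrderBy() {}

    /**
     * Builds an ORDER BY clause from an untrusted parameter such as "modDate desc".
     * Any key or direction not on the allowlist is rejected rather than passed
     * through, which is the failure mode the advisory describes.
     */
    public static String buildOrderBy(String untrustedOrderBy, String defaultKey) {
        String defaultColumn = Objects.requireNonNull(
            SORTABLE_COLUMNS.get(defaultKey), "default sort key must be allowlisted");

        if (untrustedOrderBy == null || untrustedOrderBy.isBlank()) {
            return "ORDER BY " + defaultColumn + " ASC";
        }

        // Expected shape: "<key>" or "<key> <asc|desc>"
        String[] parts = untrustedOrderBy.trim().split("\\s+");
        if (parts.length > 2) {
            throw new IllegalArgumentException("orderBy must be '<key> [asc|desc]'");
        }

        String column = SORTABLE_COLUMNS.get(parts[0]);
        if (column == null) {
            throw new IllegalArgumentException("unsupported sort key: " + parts[0]);
        }

        String direction = parts.length == 2 ? parts[1].toUpperCase() : "ASC";
        if (!DIRECTIONS.contains(direction)) {
            throw new IllegalArgumentException("unsupported sort direction: " + parts[1]);
        }

        // Both fragments now come from compile-time constants, never from the request.
        return "ORDER BY " + column + " " + direction;
    }

    public static void main(String[] args) {
        System.out.println(buildOrderBy("modDate desc", "title"));
        System.out.println(buildOrderBy(null, "title"));
        try {
            buildOrderBy("notAListedKey", "title");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The important property is that the returned clause is assembled only from values held in the allowlist and the direction set; the request text is used as a lookup key and never appears in the SQL. Rejected values should also be logged at the REST layer, since repeated unsupported sort keys from an authenticated account are a useful detection signal for probing of this kind of endpoint.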