Loading
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
Use CWE-89, Dotcms vendor hub and Dotcms product page to widen CVE-2019-12872 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2022-26352, CVE-2025-11165 and CVE-2022-45782 for nearby disclosures in the same product family.