Description
SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.