Description
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.