Description

SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

Remediation

References

CVE-2016-8903

Related Vulnerabilities

MySQL CVE-2020-2570 Vulnerability (CVE-2020-2570)

Joomla! Core Security Bypass (1.6.0 - 3.6.5)

WordPress Plugin Cool Video Gallery Cross-Site Request Forgery (1.8)

WordPress Plugin WooCommerce Quick Reports Cross-Site Scripting (1.0.6)

WordPress Plugin Sagenda-Free booking system PHP Object Injection (1.3.2)

Severity

High

Classification

CVE-2016-8903 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities