Description
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-2570 Vulnerability (CVE-2020-2570)
Joomla! Core Security Bypass (1.6.0 - 3.6.5)
WordPress Plugin Cool Video Gallery Cross-Site Request Forgery (1.8)
WordPress Plugin WooCommerce Quick Reports Cross-Site Scripting (1.0.6)
WordPress Plugin Sagenda-Free booking system PHP Object Injection (1.3.2)