Description

SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

Remediation

References

CVE-2016-8904

Related Vulnerabilities

WordPress Plugin Smart Marketing SMS and Newsletters Forms Cross-Site Scripting (1.1.1)

WordPress Plugin Multi Feed Reader SQL Injection (2.2.3)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Security Bypass (1.7.14)

WordPress Plugin JS MultiHotel Multiple Vulnerabilities (2.2.1)

Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-11201)

Severity

High

Classification

CVE-2016-8904 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities