Description

SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

Remediation

References

CVE-2016-8906

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9853)

Jboss EAP CVE-2012-4529 Vulnerability (CVE-2012-4529)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Security Bypass (13.1.0.6)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.10)

WordPress Plugin Form Store to DB Unspecified Vulnerability (1.1.0)

Severity

High

Classification

CVE-2016-8906 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities