Description
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
Remediation
References