Description

SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

Remediation

References

CVE-2016-8907

Related Vulnerabilities

WordPress Plugin WP Live Chat Support Pro Unspecified Vulnerability (8.0.07)

Oracle Application Server Other Vulnerability (CVE-2002-2153)

WordPress Plugin Loginizer Multiple Vulnerabilities (1.3.5)

Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)

WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)

Severity

High

Classification

CVE-2016-8907 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities