How severe is CVE-2016-8902?

CVE-2016-8902 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2016-8902

Name: dotcms
Author: dotcms

9.8CRITICAL

SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.

Publicado: 11/14/2016Actualizado: 4/12/2025

Descripción

SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.

Análisis IAImpulsado por IA

Productos Afectados

dotcmsdotcms

Referencias

http://seclists.org/fulldisclosure/2016/Nov/0
Third Party Advisory
http://www.securityfocus.com/bid/94311
Technical DescriptionVDB Entry
https://github.com/dotCMS/core/pull/8460/
PatchVendor Advisory
https://github.com/dotCMS/core/pull/8468/
PatchVendor Advisory
https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html
ExploitThird Party Advisory
http://seclists.org/fulldisclosure/2016/Nov/0
Third Party Advisory
http://www.securityfocus.com/bid/94311
Technical DescriptionVDB Entry
https://github.com/dotCMS/core/pull/8460/
PatchVendor Advisory
https://github.com/dotCMS/core/pull/8468/
PatchVendor Advisory
https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html
ExploitThird Party Advisory