CVE-2016-8905
8.8HIGHSQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
Publicado: 11/14/2016Actualizado: 4/12/2025
Descripción
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
Análisis IAImpulsado por IA
Productos Afectados
dotcmsdotcms
Referencias
- http://seclists.org/fulldisclosure/2016/Nov/0ExploitThird Party Advisory
- http://www.securityfocus.com/bid/94311Third Party AdvisoryVDB Entry
- https://github.com/dotCMS/core/pull/8460/PatchVendor Advisory
- https://github.com/dotCMS/core/pull/8468/PatchVendor Advisory
- https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.htmlExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2016/Nov/0ExploitThird Party Advisory
- http://www.securityfocus.com/bid/94311Third Party AdvisoryVDB Entry
- https://github.com/dotCMS/core/pull/8460/PatchVendor Advisory
- https://github.com/dotCMS/core/pull/8468/PatchVendor Advisory
- https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.htmlExploitThird Party Advisory