CVE-2016-8902
9.8CRITICALSQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.
Publicado: 11/14/2016Atualizado: 4/12/2025
Descrição
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.
Análise IADesenvolvido por IA
Produtos Afetados
dotcmsdotcms
Referências
- http://seclists.org/fulldisclosure/2016/Nov/0Third Party Advisory
- http://www.securityfocus.com/bid/94311Technical DescriptionVDB Entry
- https://github.com/dotCMS/core/pull/8460/PatchVendor Advisory
- https://github.com/dotCMS/core/pull/8468/PatchVendor Advisory
- https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.htmlExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2016/Nov/0Third Party Advisory
- http://www.securityfocus.com/bid/94311Technical DescriptionVDB Entry
- https://github.com/dotCMS/core/pull/8460/PatchVendor Advisory
- https://github.com/dotCMS/core/pull/8468/PatchVendor Advisory
- https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.htmlExploitThird Party Advisory