Description

SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.

Remediation

References

CVE-2016-2355

Related Vulnerabilities

WordPress Plugin Newsletter by Supsystic SQL Injection (1.5.5)

WordPress Plugin Gravity Forms Salesforce Cross-Site Scripting (1.2.4)

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9866)

WordPress Plugin YITH WooCommerce Zoom Magnifier Cross-Site Scripting (1.1.8)

WordPress Plugin Universal Star Rating Unspecified Vulnerability (1.10.3)

Severity

Critical

Classification

CVE-2016-2355 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities