Description

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.

Remediation

References

CVE-2016-4040

Related Vulnerabilities

OpenSSL Other Vulnerability (CVE-2003-0544)

WordPress Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2020-4050)

Oracle Database Server CVE-2015-4925 Vulnerability (CVE-2015-4925)

Joomla! Core 3.x.x SQL Injection (3.1.0 - 3.2.2)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.9.4)

Severity

High

Classification

CVE-2016-4040 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities