Description

SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.

Remediation

References

CVE-2016-8902

Related Vulnerabilities

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)

Oracle JRE CVE-2014-0458 Vulnerability (CVE-2014-0458)

Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.19)

WordPress Plugin Google Doc Embedder Cross-Site Scripting (2.5.18)

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.3.0)

Severity

Critical

Classification

CVE-2016-8902 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities