Description

SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.

Remediation

References

CVE-2016-8905

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2004-1774)

WordPress Plugin Contact Form Submissions Unspecified Vulnerability (1.6.3)

Jenkins Improper Input Validation Vulnerability (CVE-2018-1000068)

WordPress Plugin File Manager Advanced Shortcode Directory Traversal (2.4)

WordPress Plugin WORDPRESS VIDEO GALLERY Open Email Relay (2.8)

Severity

High

Classification

CVE-2016-8905 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities