Description
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cf7Save Extension Cross-Site Scripting (1.0)
WordPress Plugin WordPress Connect Cross-Site Scripting (2.0.3)
WordPress Plugin All-in-One WP Migration Multiple Cross-Site Request Forgery Vulnerabilities (7.1)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3167)