Description
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
Remediation
References