CVE-2016-4040

CVE-2016-4040

EPSS 1.3%

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://dotcms.com/security/SI-36 https://github.com/dotCMS/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02 https://github.com/dotCMS/core/issues/8840