CVE-2016-4040

CVE-2016-4040

EPSS 1.3%

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://dotcms.com/security/SI-36 https://github.com/dotCMS/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02 https://github.com/dotCMS/core/issues/8840