CVE-2016-4040

CVE-2016-4040

EPSS 1.3%

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://dotcms.com/security/SI-36 https://github.com/dotCMS/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02 https://github.com/dotCMS/core/issues/8840