SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2016/Nov/0 | Exploit Third Party Advisory |
http://www.securityfocus.com/bid/94311 | Third Party Advisory VDB Entry |
https://github.com/dotCMS/core/pull/8460/ | Patch Vendor Advisory |
https://github.com/dotCMS/core/pull/8468/ | Patch Vendor Advisory |
https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2016/Nov/0 | Exploit Third Party Advisory |
http://www.securityfocus.com/bid/94311 | Third Party Advisory VDB Entry |
https://github.com/dotCMS/core/pull/8460/ | Patch Vendor Advisory |
https://github.com/dotCMS/core/pull/8468/ | Patch Vendor Advisory |
https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2016/Nov/0 - Exploit, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/94311 - Third Party Advisory, VDB Entry | |
References | () https://github.com/dotCMS/core/pull/8460/ - Patch, Vendor Advisory | |
References | () https://github.com/dotCMS/core/pull/8468/ - Patch, Vendor Advisory | |
References | () https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html - Exploit, Third Party Advisory |
Information
Published : 2016-11-14 23:20
Updated : 2024-11-21 03:00
NVD link : CVE-2016-8905
Mitre link : CVE-2016-8905
CVE.ORG link : CVE-2016-8905
JSON object : View
Products Affected
dotcms
- dotcms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')