CVE-2016-2355

Published December 19th, 2016

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.

dotCMS/core

The Visual Headless Content Management System for Enterprises

GitHub

947