CVE-2016-8902

Published November 14th, 2016

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.

dotCMS/core

The Visual Headless Content Management System for Enterprises

GitHub

947