CVE-2016-8905

Published November 14th, 2016

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.

dotCMS/core

The Visual Headless Content Management System for Enterprises

GitHub

947