CVE-2016-8908

Published November 14th, 2016

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.

dotCMS/core

The Visual Headless Content Management System for Enterprises

GitHub

947