3 matches found
CVE-2016-10008
SQL injection vulnerability in the "Content Types Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTSTRUCTUREdirection parameter...
CVE-2016-10008
CVE-2016-10008 affects dotCMS (Content Types screen) with an SQL injection in the _EXT_STRUCTURE_direction parameter. Vulnerable in dotCMS versions before 3.7.2 and 4.x before 4.1.1, allowing remote authenticated administrators to execute arbitrary SQL. Fixed in 3.7.2 and 4.1.1; remediation is up...
dotCMS SQL Injection
Title: Multiple SQL injection vulnerabilities in dotCMS 2x CVE Credit: Elar Lang / https://security.elarlang.eu Vendor/Product: dotCMS http://dotcms.com/ Vulnerability: SQL injection Vulnerable version: before 4.1.1. Theoretically would be fixed in 3.7.2 not released yet CVE: CVE-2016-10007,...