Arbitrary SQL Command Execution Vulnerability in dotCMS before 3.5

Arbitrary SQL Command Execution Vulnerability in dotCMS before 3.5

CVE-2016-3688 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.

Learn more about our Cms Pen Testing.