Arbitrary SQL Command Execution via sort Parameter in dotCMS JSONTags Servlet

CVE-2016-8905 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
