Arbitrary SQL Command Execution via sort Parameter in dotCMS JSONTags Servlet
CVE-2016-8905 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.