CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8908 – dotCMS 3.x SQL Injection
https://notcve.org/view.php?id=CVE-2016-8908
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. Vulnerabilidad de inyección SQL en la pantalla "Site Browser > HTML pages" en dotCMS en versiones anteriores a 3.3.1 permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro orderby. dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities. • http://seclists.org/fulldisclosure/2016/Nov/0 http://www.securityfocus.com/bid/94311 https://github.com/dotCMS/core/pull/8460 https://github.com/dotCMS/core/pull/8468 https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8905 – dotCMS 3.x SQL Injection
https://notcve.org/view.php?id=CVE-2016-8905
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. Vulnerabilidad de inyección SQL en el servlet JSONTags en dotCMS en versiones anteriores a 3.3.1 permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro sort. dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities. • http://seclists.org/fulldisclosure/2016/Nov/0 http://www.securityfocus.com/bid/94311 https://github.com/dotCMS/core/pull/8460 https://github.com/dotCMS/core/pull/8468 https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-8902 – dotCMS 3.x SQL Injection
https://notcve.org/view.php?id=CVE-2016-8902
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. Vulnerabilidad de inyección SQL en el servlet categoriesServlet en dotCMS en versiones anteriores a 3.3.1 permite a atacantes remotos no autenticados ejecutar comandos SQL arbitrarios a través del parámetro sort dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities. • http://seclists.org/fulldisclosure/2016/Nov/0 http://www.securityfocus.com/bid/94311 https://github.com/dotCMS/core/pull/8460 https://github.com/dotCMS/core/pull/8468 https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8903 – dotCMS 3.x SQL Injection
https://notcve.org/view.php?id=CVE-2016-8903
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. Vulnerabilidad de inyección SQL en la pantalla "Site Browser > Templates pages" en dotCMS en versiones anteriores a 3.3.1 permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro orderby. dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities. • http://seclists.org/fulldisclosure/2016/Nov/0 http://www.securityfocus.com/bid/94311 https://github.com/dotCMS/core/pull/8460 https://github.com/dotCMS/core/pull/8468 https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8906 – dotCMS 3.x SQL Injection
https://notcve.org/view.php?id=CVE-2016-8906
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. Vulnerabilidad de inyección SQL en la pantalla "Site Browser > Links pages" en dotCMS en versiones anteriores a 3.3.1 permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro orderby. dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities. • http://seclists.org/fulldisclosure/2016/Nov/0 http://www.securityfocus.com/bid/94311 https://github.com/dotCMS/core/pull/8460 https://github.com/dotCMS/core/pull/8468 https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •