Vulnerability Details CVE-2016-4040
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.5%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://dotcms.com/security/SI-36
- https://github.com/dotCMS/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02
- https://github.com/dotCMS/core/issues/8840
- http://dotcms.com/security/SI-36
- https://github.com/dotCMS/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02
- https://github.com/dotCMS/core/issues/8840
Products affected by CVE-2016-4040
-
cpe:2.3:a:dotcms:dotcms:1.9
-
cpe:2.3:a:dotcms:dotcms:1.9.2.1
-
cpe:2.3:a:dotcms:dotcms:1.9.5.1
-
cpe:2.3:a:dotcms:dotcms:2.0
-
cpe:2.3:a:dotcms:dotcms:2.0.1
-
cpe:2.3:a:dotcms:dotcms:2.1
-
cpe:2.3:a:dotcms:dotcms:2.1.1
-
cpe:2.3:a:dotcms:dotcms:2.2
-
cpe:2.3:a:dotcms:dotcms:2.2.1
-
cpe:2.3:a:dotcms:dotcms:2.3
-
cpe:2.3:a:dotcms:dotcms:2.3.1
-
cpe:2.3:a:dotcms:dotcms:2.3.2
-
cpe:2.3:a:dotcms:dotcms:2.5
-
cpe:2.3:a:dotcms:dotcms:2.5.1
-
cpe:2.3:a:dotcms:dotcms:2.5.2
-
cpe:2.3:a:dotcms:dotcms:2.5.3
-
cpe:2.3:a:dotcms:dotcms:2.5.4
-
cpe:2.3:a:dotcms:dotcms:3.0
-
cpe:2.3:a:dotcms:dotcms:3.0.1
-
cpe:2.3:a:dotcms:dotcms:3.1
-
cpe:2.3:a:dotcms:dotcms:3.2
-
cpe:2.3:a:dotcms:dotcms:3.2.1
-
cpe:2.3:a:dotcms:dotcms:3.2.2
-
cpe:2.3:a:dotcms:dotcms:3.2.3
-
cpe:2.3:a:dotcms:dotcms:3.2.4
-
cpe:2.3:a:dotcms:dotcms:3.3
-
cpe:2.3:a:dotcms:dotcms:3.3.1