| Max CVSS | 7.5 | Min CVSS | 6.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-8906 | 6.5 |
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
29-11-2016 - 19:26 | 14-11-2016 - 23:20 | |
| CVE-2016-8905 | 6.5 |
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
|
29-11-2016 - 19:25 | 14-11-2016 - 23:20 | |
| CVE-2016-8904 | 6.5 |
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
29-11-2016 - 19:24 | 14-11-2016 - 23:20 | |
| CVE-2016-8903 | 6.5 |
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
29-11-2016 - 19:22 | 14-11-2016 - 23:20 | |
| CVE-2016-8902 | 7.5 |
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.
|
29-11-2016 - 19:22 | 14-11-2016 - 23:20 | |
| CVE-2016-8907 | 6.5 |
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
29-11-2016 - 19:20 | 14-11-2016 - 23:20 | |
| CVE-2016-8908 | 6.5 |
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
29-11-2016 - 19:18 | 14-11-2016 - 23:20 |