CVE-2016-3688 in dotCMSinfo

Summary

SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

Reservation

03/30/2016

Disclosure

04/19/2016

Moderation

VulDB entry created

Entries

VDB-82567

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

6.5

EPSS

0.00111

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-3688
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-3688
CVE Details	https://www.cvedetails.com/cve/CVE-2016-3688/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!