Update to 1.9.9 (bugfix release for CVE-2016-7146, CVE-2016-7148)
Monthly Archives: November 2016
moin-1.9.9-1.fc24
Update to 1.9.9 (bugfix release for CVE-2016-7146, CVE-2016-7148)
moin-1.9.9-1.fc25
Update to 1.9.9 (bugfix release for CVE-2016-7146, CVE-2016-7148)
CVE-2016-8902
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2016-8903
SQL injection vulnerability in the “Site Browser > Templates pages” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-8904
SQL injection vulnerability in the “Site Browser > Containers pages” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-8905
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2016-8906
SQL injection vulnerability in the “Site Browser > Links pages” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-8907
SQL injection vulnerability in the “Content Types > Content Types” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-8908
SQL injection vulnerability in the “Site Browser > HTML pages” screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.