CVE-2016-10008

Published: 2018-02-19T21:29Z

Last Modified: 2024-11-21T02:43Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt