[FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

2016-11-01 Thread Elar Lang
Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
Credit: Elar Lang / https://security.elarlang.eu
Vendor/Product: dotCMS (http://dotcms.com/)
Vulnerability: SQL injection
Vulnerable version: before 3.5; 3.3.1 and 3.3.2 (depends on CVE)
CVE: CVE-2016-8902, CVE-2016-8903, CVE-2016-890

Re: [FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

2016-11-01 Thread Brandon Perry
> On Oct 31, 2016, at 2:41 PM, Elar Lang wrote:
>
> Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
> Credit: Elar Lang / https://security.elarlang.eu
> Vendor/Product: dotCMS (http://dotcms.com/)
> Vulnerability: SQL injection
> Vulnerable version: before 3.5; 3.3.1 and 3.3.2 (

Re: [FD] Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

2016-11-02 Thread Elar Lang
On Tue, Nov 1, 2016 at 5:05 PM, Brandon Perry wrote:
>
>> On Oct 31, 2016, at 2:41 PM, Elar Lang wrote:
>>
>> Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
>> Credit: Elar Lang / https://security.elarlang.eu
>> Vendor/Product: dotCMS (http://dotcms.com/)
>> Vulnerability: SQL i