| Issue: | |
|---|---|
| Date: | |
| Severity: | Medium |
| Requires Admin Access: | Yes |
| Fix Version: | 3.3.2, 3.5 |
| Credit: | Elar Lang (Clarified Security – www.clarifiedsecurity.com) |
| Description: | SQL Injection via workflow screen orderby parameter - requires Authentication. |
| Mitigation: | Restrict the URL pattern /html/portlet to your administrator's IP range. |
| References: | https://github.com/dotCMS/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02 |