CVE-2016-10008

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10008
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10008.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10008
Published
2018-02-19T21:29:00Z
Modified
2025-10-21T02:35:44Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTSTRUCTURE_direction parameter.

References

Affected packages

Git / github.com/dotcms/core

Affected ranges

Type
GIT
Repo
https://github.com/dotcms/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures

[
    {
        "id": "CVE-2016-10008-41e9b27f",
        "source": "https://github.com/dotcms/core/commit/80ee268510783cef77379f5a6edf521360f62e41",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "copyFile",
            "file": "src/com/liferay/util/FileUtil.java"
        },
        "digest": {
            "function_hash": "241290185298621007891554281505603001687",
            "length": 1428.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2016-10008-e08342d2",
        "source": "https://github.com/dotcms/core/commit/80ee268510783cef77379f5a6edf521360f62e41",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/com/liferay/util/FileUtil.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "signature_type": "Line"
    }
]