|Requires Admin Access:||Yes|
|Fix Version:||3.3.2, 3.5|
|Credit:||p0x2015 <573031544 () qq com>|
A SQL injection vulnerability has been identified in dotCMS 3.3 which, if successfully exploited, could allow an attacker to access sensitive information in the dotcms database.
Prevent external access to the /dwr endpoint uri via firewall rules.