{"id":"CVE-2016-4040","details":"SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.","modified":"2026-04-11T03:43:46.375858Z","published":"2016-04-19T14:59:03.953Z","references":[{"type":"ADVISORY","url":"http://dotcms.com/security/SI-36"},{"type":"REPORT","url":"https://github.com/dotCMS/core/issues/8840"},{"type":"FIX","url":"https://github.com/dotCMS/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotcms/core","events":[{"introduced":"0"},{"last_affected":"55f3f10337ebebf74c22ac82a411c4af276c6b09"},{"fixed":"bc4db5d71dc67015572f8e4c6fdf87e29b854d02"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.1"}]}}],"versions":["3.0","3.2","3.2.1","3.3","3.3.1","3.5_Preview01","3.5_Preview02","pre3.5buildrevert"],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:43:46Z","vanir_signatures":[{"signature_type":"Function","target":{"file":"src/com/dotmarketing/portlets/workflows/model/WorkflowSearcher.java","function":"WorkflowSearcher"},"id":"CVE-2016-4040-26d5e3a3","source":"https://github.com/dotcms/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02","signature_version":"v1","deprecated":false,"digest":{"function_hash":"146553412463661694529665155956298200977","length":902}},{"signature_type":"Line","target":{"file":"src/com/dotmarketing/factories/EmailFactory.java"},"id":"CVE-2016-4040-5f779027","source":"https://github.com/dotcms/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["168548086562533713783805126038546190139","45393739089889810706477200054240485474","49667685965912731254771251782507568244"]}},{"signature_type":"Line","target":{"file":"src/com/dotmarketing/portlets/workflows/model/WorkflowSearcher.java"},"id":"CVE-2016-4040-72fc4a84","source":"https://github.com/dotcms/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["183110635773772962403820442937360175254","109398318881901452971784643168045281612","88540287413814294498137852660443171517","155034379425858125024455644027391605368","135506950140576638110624424402855858996","133160561274209008444879932633734323434","120496209273316070342038657811520055497","85443978690946867411732431428255038325","19992149743797101135100577514139435588","127958600653692894327406137188774956745","95985371943781611890276119361519373811","148862143083758759146610132129283791538","191798460094123393394033478898197378544","158202531139467800518846169706354333925","166747397672484010138772718834442634359","109841636642039664459818389343207290787"]}},{"signature_type":"Function","target":{"file":"src/com/dotmarketing/portlets/workflows/model/WorkflowSearcher.java","function":"getOrderBy"},"id":"CVE-2016-4040-c563e73a","source":"https://github.com/dotcms/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02","signature_version":"v1","deprecated":false,"digest":{"function_hash":"176800501469594472534976216634135012135","length":39}},{"signature_type":"Function","target":{"file":"src/com/dotmarketing/factories/EmailFactory.java","function":"sendParameterizedEmail"},"id":"CVE-2016-4040-dd723b7e","source":"https://github.com/dotcms/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02","signature_version":"v1","deprecated":false,"digest":{"function_hash":"293721798236642630076371622678211121054","length":7446}},{"signature_type":"Line","target":{"file":"src/com/dotmarketing/cms/webforms/action/SubmitWebFormAction.java"},"id":"CVE-2016-4040-ec7dd845","source":"https://github.com/dotcms/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["120760799192413248715899379604117319749","243884907574043380725466628929912262363","264411183942065243064873136232911912113","141689773236307926928748816832140005811"]}},{"signature_type":"Function","target":{"file":"src/com/dotmarketing/cms/webforms/action/SubmitWebFormAction.java","function":"unspecified"},"id":"CVE-2016-4040-f24a06d3","source":"https://github.com/dotcms/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02","signature_version":"v1","deprecated":false,"digest":{"function_hash":"186321998741370624673172654221131130721","length":5698}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4040.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}