Dot CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2016-10008
SQL injection vulnerability in the quotContent Types gt Content Typesquot screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.