SQL Injection from Workflow Screen III

Issue: SI-36
Date: Apr 12, 2016, 7:15:00 AM
Severity: Medium
Requires Admin Access: Yes
Fix Version: 3.3.2, 3.5
Credit: Elar Lang (Clarified Security –

SQL injection via the workflow screen's orderby parameter. Exploitation requires authentication.


Restrict the URL pattern /html/portlet to your administrator's IP range.
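
One way to review web access logs for requests the restriction above would have blocked, or that carry an unusual orderby value, as an added example that is not part of the original advisory or the vendor's code. Only /html/portlet and the orderby parameter come from the advisory; the log layout, the admin range 192.0.2.0/24, the PLACEHOLDER path suffix and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder admin range (RFC 5737 documentation block).
ADMIN_NET = ipaddress.ip_network("192.0.2.0/24")
# Assumption: a normal sort value is "column [asc|desc]", comma-separated.
COL = r"[A-Za-z_][\w.]*(?:\s+(?:asc|desc))?"
SAFE_ORDERBY = re.compile(rf"{COL}(?:\s*,\s*{COL})*", re.I)
# Assumption: combined-log-style line; only client IP and request target are used.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<target>\S+) [^"]*"')

# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2016:10:00:00 +0000] "GET /html/portlet/PLACEHOLDER?orderby=mod_date%20desc HTTP/1.1" 200 512',
    '198.51.100.7 - user [01/Jan/2016:10:01:00 +0000] "GET /html/portlet/PLACEHOLDER?orderby=title HTTP/1.1" 200 512',
    '192.0.2.10 - admin [01/Jan/2016:10:02:00 +0000] "GET /html/portlet/PLACEHOLDER?orderby=title%2C%28x%29 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2016:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

def review(lines):
    """Return (line_no, client_ip, reasons) for /html/portlet requests worth a look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.startswith("/html/portlet"):
            continue
        reasons = []
        try:
            if ipaddress.ip_address(m["ip"]) not in ADMIN_NET:
                reasons.append("outside-admin-range")
        except ValueError:  # client field was not an IP literal
            reasons.append("unparsed-client")
        query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        values = [v for k, vs in query.items() if k.lower() == "orderby" for v in vs]
        if any(not SAFE_ORDERBY.fullmatch(v.strip()) for v in values):
            reasons.append("unexpected-orderby")
        if reasons:
            findings.append((n, m["ip"], reasons))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```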

