CVE 2016-2355
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
See the
CVE page on Mitre.org
for more details.