SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
https://github.com/dotCMS/core/issues/8840
https://github.com/dotCMS/core/commit/bc4db5d71dc67015572f8e4c6fdf87e29b854d02