Lucene search
HistoryJul 11, 2014 - 2:55 p.m.
CVE-2014-3992
cve
2014
3992
dolibarr
erp
crm
sql injection
vulnerability
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
44.1%
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
Affected configurations
Node
dolibarrdolibarr_erp\/crmMatch3.5.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| dolibarr:dolibarr_erp\/crm | dolibarr dolibarr erp/crm | eq | 3.5.3 |
References
Social References
More
Related
zdt
zdt
Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities
2014-07-08 00:00:00
packetstorm
packetstorm
Dolibarr CMS 3.5.3 SQL Injection / Cross Site Scripting
2014-07-08 00:00:00
ubuntucve
ubuntucve
CVE-2014-3992
2014-07-11 00:00:00
cvelist
cvelist
CVE-2014-3992
2014-07-11 14:00:00
prion
prion
Sql injection
2014-07-11 14:55:00
nvd
nvd
CVE-2014-3992
2014-07-11 14:55:04
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
44.1%
Related for CVE-2014-3992