Lucene search

K
githubGitHub Advisory DatabaseGHSA-C3H9-Q3JX-W7FC
HistoryMay 24, 2024 - 2:53 p.m.

Dolibarr vulnerable to SQL Injection

2024-05-2414:53:33
CWE-89
GitHub Advisory Database
github.com
4
dolibarr
erp
crm
sql injection
vulnerabilities
remote attacker
database retrieval
parameters

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in /dolibarr/admin/dict.php.

Affected configurations

Vulners
Node
dolibarrdolibarrRange9.0.1
CPENameOperatorVersion
dolibarr/dolibarrle9.0.1

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for GHSA-C3H9-Q3JX-W7FC