CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score
Confidence: Low

EPSS
Percentile: 56.6%

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to (a) user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and the (9) rowid parameter to admin/boxes.php.
Vendor | Product | Version | CPE |
---|---|---|---|
dolibarr | dolibarr_erp\/crm | * | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:rc:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 2.5.0 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.5.0:*:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 2.6.0 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.0:*:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 2.6.1 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.1:*:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 2.7.0 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.0:*:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 2.7.1 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:*:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 2.8.0 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.0:*:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 2.8.1 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.1:*:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 2.9.0 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.9.0:*:*:*:*:*:*:* |
dolibarr | dolibarr_erp\/crm | 3.0.0 | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.0:*:*:*:*:*:*:* |
osvdb.org/77340
osvdb.org/77341
osvdb.org/77342
osvdb.org/77343
osvdb.org/77344
osvdb.org/77345
osvdb.org/77346
osvdb.org/77347
www.securityfocus.com/archive/1/520619/100/0/threaded
www.securityfocus.com/bid/50777
github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91
github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a
github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675
www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html