Lucene search

K
osvGoogleOSV:GHSA-Q8X7-JC3H-P8XC
HistoryMay 24, 2024 - 2:53 p.m.

Dolibarr vulnerable to SQL Injection

2024-05-2414:53:44
Google
osv.dev
2
dolibarr
erp
crm
sql injection
remote attack
database retrieval
vulnerabilities
software

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters in /dolibarr/commande/list.php.

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%