5 matches found

Snyk
added 2026/02/22 2:58 p.m., 1 view

SQL Injection

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to SQL Injection via the POST parameters such as actioncode, demandreasonid, and availabilityid. PoC Dolibarr ERP/CRM 10.0.1 contains multiple SQL injectio...

CVSS 7.5, AI score 6.1, EPSS 0.00054
Exploits: 1, References: 2

OSV
added 2026/02/22 2:16 p.m., 2 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.5, AI score 6.1
Exploits: 0, References: 2

CVE
added 2026/02/22 1:18 p.m., 8 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints (parameters such as actioncode, demand_reason_id, availability_id) that allow authenticated attackers to manipulate queries and extract sensitive data. The flaw enables boolean-based blind, error-based, and time-...

CVSS 7.5, AI score 5.9, EPSS 0.00054
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2024/04/11 9:15 p.m., 1 view

CVE-2024-28458

Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the application via the function compileSWFActionCode in action/actioncompiler.c...

CVSS 7.5, AI score 5.8, EPSS 0.00211
Exploits: 1, References: 1

exploitpack
added 2019/09/09 12:0 a.m., 65 views

Dolibarr ERP-CRM 10.0.1 - SQL Injection

Dolibarr ERP-CRM 10.0.1 - SQL Injection Exploit Title: Dolibarr ERP/CRM - Multiple Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux...

Exploits: 0