7 matches found
Dolibarr Gather Credentials via SQL Injection
This module enables an authenticated user to collect the usernames and encrypted passwords of other users in the Dolibarr ERP/CRM via SQL injection. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...
CVE-2018-10094
creationtimestamp| type| source ---|---|--- 2018-05-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44805 2018-09-20 03:25:55+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/dolibarrcredssqli.rb 2025-02-06 03:13:43+00:00| seen|...
Dolibarr ERPCRM 7.0.0 - (Authenticated) SQL Injection
Dolibarr ERPCRM 7.0.0 - Authenticated SQL Injection CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection
CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The application does not handle user input properly and allows...
Dolibarr 7.0.0 SQL Injection
CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The application does not handle user input properly and allows...
CVE-2018-10094
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes...
CVE-2018-10094
CVE-2018-10094 affects Dolibarr ERP/CRM prior to version 7.0.2. The vulnerability is a SQL injection that lets remote attackers execute arbitrary SQL commands via integer parameters without quotes, with evidence of exploitation and public PoCs. Exploits are documented (Exploit-DB 44805) and a Met...