Lucene search
K

7 matches found

Metasploit
Metasploit
added 2018/09/20 3:15 a.m.42 views

Dolibarr Gather Credentials via SQL Injection

This module enables an authenticated user to collect the usernames and encrypted passwords of other users in the Dolibarr ERP/CRM via SQL injection. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...

9.8CVSS0.8AI score0.71242EPSS
Exploits10
Circl
Circl
added 2018/05/30 12:0 a.m.31 views

CVE-2018-10094

creationtimestamp| type| source ---|---|--- 2018-05-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44805 2018-09-20 03:25:55+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/dolibarrcredssqli.rb 2025-02-06 03:13:43+00:00| seen|...

9.8CVSS9.3AI score0.71242EPSS
Exploits10References2
exploitpack
exploitpack
added 2018/05/30 12:0 a.m.37 views

Dolibarr ERPCRM 7.0.0 - (Authenticated) SQL Injection

Dolibarr ERPCRM 7.0.0 - Authenticated SQL Injection CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...

7.5CVSS0.4AI score0.71242EPSS
Exploits10
Exploit DB
Exploit DB
added 2018/05/30 12:0 a.m.65 views

Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection

CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The application does not handle user input properly and allows...

9.8CVSS9.4AI score0.71242EPSS
Exploits10
Packet Storm
Packet Storm
added 2018/05/27 12:0 a.m.50 views

Dolibarr 7.0.0 SQL Injection

CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The application does not handle user input properly and allows...

0.2AI score0.71242EPSS
Exploits10
Cvelist
Cvelist
added 2018/05/22 8:0 p.m.29 views

CVE-2018-10094

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes...

9.8AI score0.71242EPSS
Exploits10References5
CVE
CVE
added 2018/05/22 8:0 p.m.79 views

CVE-2018-10094

CVE-2018-10094 affects Dolibarr ERP/CRM prior to version 7.0.2. The vulnerability is a SQL injection that lets remote attackers execute arbitrary SQL commands via integer parameters without quotes, with evidence of exploitation and public PoCs. Exploits are documented (Exploit-DB 44805) and a Met...

9.8CVSS9.7AI score0.71242EPSS
Exploits10References5Affected Software1
Rows per page
Query Builder