GHSA-FFF9-M6F6-Q3MH Dolibarr SQL Injection vulnerability

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categorieslist.php, /accountancy/admin/journalslist.php, /admin/dict.php,...

CVE-2019-16688

Dolibarr 9.0.5 has stored XSS in an Email Template section to mailstemplates.php. A user with no privileges can inject script to attack the admin. This stored XSS can affect all types of user privilege from Admin to users with no permissions...

CVE-2019-16688

Dolibarr 9.0.5 is affected by a stored XSS in the Email Template section (mails_templates.php). A user with no privileges can inject script to attack the admin, with impact across privilege levels as described. No patch/fix details are provided in the connected documents.

CVE-2018-9019

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categorieslist.php, /accountancy/admin/journalslist.php, /admin/dict.php,...

Sql injection

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categorieslist.php, /accountancy/admin/journalslist.php, /admin/dict.php,...