16 matches found
Malicious code in lyst-product-card-generator (npm)
The package lyst-product-card-generator was found to contain malicious code...
Malicious code in product_card_grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7cff91597e126b61f1bb6911119a35d329959dadbfee0c086ccd4c7d79bf2ca7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2020-13709 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.4 Description: The issue concerns multiple stored Cross-Site Scripting XSS vulnerabilities. These could allow remote authenticated attackers to inject arbitrary web script or HTML. This can be done via several API...
Dolibarr SQL Injection Vulnerability (CNVD-2019-00361)
Dolibarr is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the product/card.php file in...
UBUNTU-CVE-2018-19994
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter...
PT-2019-9959 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 8.0.2 Description: The issue is related to an error-based SQL injection, allowing remote authenticated users to execute arbitrary SQL commands. This is achieved by manipulating the desiredstock parameter in the product/card.p...
SQL Injection
dolibarr/dolibarr is vulnerable to SQL Injection attacks. The application does not properly sanitize the countryid parameter in product/card.php, allowing a malicious user to inject and execute arbitrary SQL commands...
Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2018-13453)
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the product/card.php...
Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2018-13454)
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the product/card.php...
Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2018-13460)
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the product/card.php...
Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2018-13459)
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the product/card.php...
UBUNTU-CVE-2018-13448
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the countryid parameter...
UBUNTU-CVE-2018-13449
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statutbuy parameter...
UBUNTU-CVE-2018-13447
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter...
UBUNTU-CVE-2018-13450
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statusbatch parameter...
PT-2018-11830 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 7.0.3 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the statut parameter in the product/card.php file. Recommendations: For Dolibarr ERP/CRM version 7.0.3, avoi...