GHSA-GW37-VMVW-F833 Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter

Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter...

Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter

Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter...

SQL Injection

dolibarr is susceptible to SQL injection attacks. The attacker can execute arbitrary SQL queries through the style.css.php and translate.class.php files because the library does not filter the lang and defaultlang attributes respectively...

CVE-2017-7886

Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter...

Sql injection

Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter...

CVE-2017-7886

Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter...

CVE-2005-3991

Multiple cross-site scripting XSS vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to 1 startpage.css.php and 2 style.css.php; or the From parameter to userspopupL.php...

phpMyChat0146.txt

phpMyChat Multiple XSS vulnerabilities. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP and a database, supporting MySQL, PostgreSQL, and ODBC. II. DESCRIPTION phpMyChat 0.14.6 startpage.css.php, style.css.php, userspopupL.php are prone to Cross-site...

PHPMyChat 0.14.6 - 'style.css.php?medium' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...