2 matches found
CVE-2014-3992
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the 1 entity parameter in an update action to user/fiche.php or 2 sortorder parameter to user/group/index.php...
PT-2014-5659 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.5.3 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the entity parameter in an update action to "user/fiche.php" or the sortorder parameter to...