Lucene search

Veracode Vulnerability DatabaseVERACODE:47211

HistoryMay 28, 2024 - 6:30 a.m.

SQL Injection

2024-05-2806:30:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sql injection

dolibarr

remote attacker

database exfiltration

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

dolibarr/dolibarr is vulnerable to SQL Injection. The vulnerability is caused by improper parameter sanitization within /dolibarr/commande/list.php, which enables a remote attacker to send a specially crafted SQL query resulting in database exfiltration.

CPENameOperatorVersion
dolibarr/dolibarrle15.0.3
dolibarr/dolibarrle15.0.3

CPE	Name	Operator	Version
	dolibarr/dolibarr	le	15.0.3
	dolibarr/dolibarr	le	15.0.3

References

github.com/advisories/GHSA-q8x7-jc3h-p8xc

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47211