Veracode Vulnerability DatabaseVERACODE:47213SQL Injection
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
dolibarr/dolibarr is vulnerable to SQL Injection. The vulnerability is due to improper handling of parameters ‘sortorder’ and ‘sortfield’ in ‘/dolibarr/admin/dict.php’, allowing remote attackers to retrieve database information by sending specially crafted SQL queries.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dolibarr/dolibarr | le | 15.0.3 | |
| dolibarr/dolibarr | le | 15.0.3 |
Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%