Dolibarr is susceptible to SQL injection attacks. An attacker can execute arbitrary SQL queries through the `style.css.php` and `translate.class.php` files because the library does not filter the `lang` and `defaultlang` attributes, respectively.

CPE Name | Operator | Version |
---|---|---|
dolibarr/dolibarr | le | 5.0.3 |