
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. • https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c • https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. • https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://www.foxmole.com/advisories/foxmole-2017-02-23.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://www.foxmole.com/advisories/foxmole-2017-02-23.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')