
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
• https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 13 | EXPL: 3

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
• https://www.exploit-db.com/exploits/36683
  http://archives.neohapsis.com/archives/bugtraq/2012-02/0056.html
  http://osvdb.org/79011
  http://secunia.com/advisories/47969
  http://www.securityfocus.com/bid/51956
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 11 | EXPL: 7

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.
• https://www.exploit-db.com/exploits/36330
  http://www.osvdb.org/77339
  http://www.securityfocus.com/archive/1/520619/100/0/threaded
  http://www.securityfocus.com/bid/50777
  https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91
  https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
  https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a
  https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675
  https://www.htbridge.ch/advisory&
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 11 | EXPL: 11

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
• https://www.exploit-db.com/exploits/36333
  https://www.exploit-db.com/exploits/36331
  https://www.exploit-db.com/exploits/36332
  http://osvdb.org/77340
  http://osvdb.org/77341
  http://osvdb.org/77342
  http://osvdb.org/77343
  http://osvdb.org/77344
  http://osvdb.org/77345
  http://osvdb.org/77346
  http://osvdb.org/77347
  http://www.securityfocus.com/archive/1/520619/100/0/threaded
  http://www.securityfocus.com/bid/50777
  https://github.com/Dolibarr/doliba
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')