Page 5 of 25 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). Dolibarr ERP/CRM se ha visto afectado por una inyección SQL en las versiones anteriores a la 5.0.4 mediante product/stats/card.php (parámetro type). • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. Dolibarr ERP / CRM 4.0.4 tiene un SQL Injection en doli / theme / eldy / style.css.php a través del parámetro lang. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://www.foxmole.com/advisories/foxmole-2017-02-23.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. Dolibarr ERP / CRM 4.0.4 tiene un XSS en doli / societe / list.php a través del parámetro sall Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://www.foxmole.com/advisories/foxmole-2017-02-23.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. Dolibarr ERP / CRM 4.0.4 almacena contraseñas con el algoritmo MD5, lo que facilita los ataques de fuerza bruta. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://www.foxmole.com/advisories/foxmole-2017-02-23.txt • CWE-326: Inadequate Encryption Strength •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. Dolibarr ERP/CRM 4.0.4 permite cambios de contraseña sin proporcionar la contraseña actual, lo que facilita a los atacantes físicamente cerca obtener acceso a través de una estación de trabajo desatendida. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://www.foxmole.com/advisories/foxmole-2017-02-23.txt • CWE-287: Improper Authentication •