Description

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.

Remediation

References

CVE-2011-4802

Related Vulnerabilities

WordPress Plugin Music Store Unspecified Vulnerability (1.0.20)

Oracle JRE CVE-2020-2655 Vulnerability (CVE-2020-2655)

WordPress Plugin White Label CMS Cross-Site Request Forgery (1.5)

WordPress Plugin Affiliate Press Multiple Cross-Site Scripting Vulnerabilities (0.3.8)

WordPress Plugin WooCommerce Customers Manager Multiple Vulnerabilities (26.5)

Severity

Medium

Classification

CVE-2011-4802 CWE-138

Tags

Missing Update Known Vulnerabilities