Description
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
Remediation
References