Description

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

Remediation

References

CVE-2012-1225

Related Vulnerabilities

WordPress Plugin Lightweight Sidebar Manager Cross-Site Request Forgery (1.1.4)

Dolphin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27969)

MediaWiki Other Vulnerability (CVE-2005-4501)

WordPress Plugin Integration for Contact Form 7 and Infusionsoft Cross-Site Scripting (1.1.2)

Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5)

Severity

High

Classification

CVE-2012-1225 CWE-138

Tags

Missing Update Known Vulnerabilities