Description

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

Remediation

References

CVE-2012-1225

Related Vulnerabilities

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1810)

Apache Tomcat CVE-2018-1304 Vulnerability (CVE-2018-1304)

Joomla Improper Input Validation Vulnerability (CVE-2011-4911)

WordPress Plugin Image Optimizer, Resizer and CDN-Sirv SQL Injection (1.3.1)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9700)

Severity

High

Classification

CVE-2012-1225 CWE-138

Tags

Missing Update Known Vulnerabilities