Description

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.

Remediation

References

CVE-2017-14238

Related Vulnerabilities

WordPress Plugin WP Booking System Cross-Site Scripting (1.3.3)

WordPress Plugin WebLibrarian SQL Injection (3.5.4)

WordPress Plugin WP Email Template HTML Injection (2.2.10)

WordPress Plugin AdKlick Advertising Management Unspecified Vulnerability (1.1)

Drupal Core 8.x.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.8.12)

Severity

Critical

Classification

CVE-2017-14238 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities