Description

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.

Remediation

References

CVE-2017-14238

Related Vulnerabilities

WordPress Plugin Companion Revision Manager-Revision Control Unspecified Vulnerability (1.3)

WordPress Plugin Js-appointment 'searchdata.php' SQL Injection (1.5)

WordPress Plugin Copperleaf Photolog 'cplphoto.php' SQL Injection (0.16)

WordPress Plugin Events Widgets For Elementor And The Events Calendar Security Bypass (1.4.3)

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

Severity

Critical

Classification

CVE-2017-14238 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities