Description

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.

Remediation

References

CVE-2017-17899

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2001-0545)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)

Oracle Application Server Other Vulnerability (CVE-2007-3863)

Python Out-of-bounds Write Vulnerability (CVE-2009-4134)

WordPress Plugin SEO Backlinks Cross-Site Request Forgery (4.0.1)

Severity

Critical

Classification

CVE-2017-17899 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities