Description
Dolibarr ERP/CRM versions through 7.0.0 are affected by multiple SQL injection vulnerabilities in comm/propal/list.php, reachable via the viewstatut parameter or the propal_statut parameter (also known as the search_statut parameter).
Remediation
References