Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9839)

Description

Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).

Remediation

References

Related Vulnerabilities

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.7)

WordPress Plugin BP Profile Search PHP Object Injection (4.5.3)

Oracle Database Server CVE-2016-5516 Vulnerability (CVE-2016-5516)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000195)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-5909)

Severity

High

Classification

CVE-2017-9839 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities