Description
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
Remediation
References
Related Vulnerabilities
WordPress Plugin Connections Business Directory CSV Injection (9.6)
WordPress Plugin WP Symposium Arbitrary File Upload Vulnerabilities (11.11.26)
WordPress Plugin Custom Dashboard & Login Page-AGCA Multiple Unspecified Vulnerabilities (1.5.4.2)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2901)