Description
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
Remediation
References
Related Vulnerabilities
Zope Web Application Server CVE-2011-3587 Vulnerability (CVE-2011-3587)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-29052)
OpenSSL Resource Management Errors Vulnerability (CVE-2012-0027)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2015-8103)
WordPress Plugin Sketchus Pricing Tables Unspecified Vulnerability (2.0)