Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2011-12-14T00:00:00
Updated: 2024-08-07T00:16:34.977Z
Reserved: 2011-12-13T00:00:00
Link: CVE-2011-4802
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2011-12-14T00:55:04.543
Modified: 2023-02-02T18:08:13.390
Link: CVE-2011-4802
Redhat
No data.