Description
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.