Description
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextMove Lite-Thank You Page for WooCommerce Cross-Site Request Forgery (2.18.1)
WordPress Plugin WP-UserOnline URL HTML Injection (2.62)
WordPress Plugin Cool Tag Cloud Cross-Site Scripting (2.25)
WordPress Plugin Timetable and Event Schedule by MotoPress Unspecified Vulnerability (2.4.3)