Description
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
Remediation
References