Description

Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.

Remediation

References

CVE-2014-3992

Related Vulnerabilities

WordPress 'index.php' Cross-Site Scripting Vulnerability (1.5)

Moodle Other Vulnerability (CVE-2006-4943)

Oracle HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43818)

WordPress Plugin WORDPRESS VIDEO GALLERY Multiple Cross-Site Request Forgery Vulnerabilities (2.8)

WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Cross-Site Request Forgery (2.4.0)

Severity

Medium

Classification

CVE-2014-3992 CWE-138

Tags

Missing Update Known Vulnerabilities