Description

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.

Remediation

References

CVE-2017-14238

Related Vulnerabilities

WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1580)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5062)

Oracle JRE CVE-2013-2459 Vulnerability (CVE-2013-2459)

WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.6)

Severity

Critical

Classification

CVE-2017-14238 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities