Description

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.

Remediation

References

CVE-2017-14238

Related Vulnerabilities

WordPress Plugin ResAds Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2360)

Underscore.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-23358)

WordPress 6.4.x Multiple Vulnerabilities (6.4 - 6.4.4)

PHP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2013-1824)

Severity

Critical

Classification

CVE-2017-14238 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities