Description

Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).

Remediation

References

CVE-2017-18260

Related Vulnerabilities

WordPress Plugin Fancy Gallery 'image-upload.php' Arbitrary File Upload (1.2.4)

WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Multiple Security Bypass Vulnerabilities (1.9.16)

Apache Traffic Server Improper Authentication Vulnerability (CVE-2021-38161)

WordPress Plugin RSVPMaker SQL Injection (9.2.6)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3387)

Severity

High

Classification

CVE-2017-18260 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities