Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dolibarr dolibarr erp\\/crm 2.9.0 |
||
dolibarr dolibarr erp\\/crm 2.8.1 |
||
dolibarr dolibarr erp\\/crm 2.6.0 |
||
dolibarr dolibarr erp\\/crm 3.0.0 |
||
dolibarr dolibarr erp\\/crm 2.7.1 |
||
dolibarr dolibarr erp\\/crm 2.6.1 |
||
dolibarr dolibarr erp\\/crm |
||
dolibarr dolibarr erp\\/crm 2.5.0 |
||
dolibarr dolibarr erp\\/crm 3.1.0 |
||
dolibarr dolibarr erp\\/crm 2.8.0 |
||
dolibarr dolibarr erp\\/crm 2.7.0 |
||
dolibarr dolibarr erp\\/crm 3.0.1 |