
CVE-2014-3992

Published: 11/07/2014 Updated: 17/11/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.

Vulnerable Product

dolibarr dolibarr erp/crm 3.5.3

Exploits

Vulnerability Name: SQL injection
Severity: Critical
URL: localhost/dolibarr/user/fiche.php
Affected Users: All authenticated users
Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the entity parameter, and a database error message was returned. The database appears t ...