Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dolibarr dolibarr erp\\/crm 3.5.3 |