Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2011-4802 - Vulnerability Database

Medium
Reference: CVE-2011-4802
Title: Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to (a) user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) the rowid parameter to admin/boxes.php.
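
The three kinds of parameter named above each need a different neutralization. The following is an added example, not Dolibarr's code and not part of the original entry. The table, columns and function names are constructed, and it assumes (from the parameter names only) that sortfield and sortorder feed an ORDER BY clause, sall a search filter, and id/rowid a numeric lookup.

```php
<?php
// Added example: constructed schema and helper names, not Dolibarr code.
// Assumption: sortfield/sortorder feed ORDER BY, sall a LIKE filter, id a numeric lookup.
const SORT_FIELDS = ['login' => 'u.login', 'name' => 'u.lastname', 'created' => 'u.datec'];

function safeSortField($v): string {
    // Identifiers cannot be bound as parameters: map the request value through an allow-list.
    return is_string($v) && array_key_exists($v, SORT_FIELDS) ? SORT_FIELDS[$v] : SORT_FIELDS['login'];
}

function safeSortOrder($v): string {
    return is_string($v) && strtoupper($v) === 'DESC' ? 'DESC' : 'ASC';
}

function safeId($v): int {
    // Accept only a plain positive integer; arrays, null and mixed strings are rejected.
    $id = filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }
    return $id;
}

function listUsers(PDO $db, array $req): array {
    $sql = "SELECT u.rowid, u.login FROM users u WHERE u.login LIKE :sall ESCAPE '!'"
         . ' ORDER BY ' . safeSortField($req['sortfield'] ?? null)
         . ' ' . safeSortOrder($req['sortorder'] ?? null);
    // Escape LIKE metacharacters so the search text matches literally, then bind it.
    $sall = is_string($req['sall'] ?? null) ? $req['sall'] : '';
    $stmt = $db->prepare($sql);
    $stmt->execute([':sall' => '%' . strtr($sall, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1);
}

function getUser(PDO $db, $id): ?array {
    $stmt = $db->prepare('SELECT rowid, login FROM users WHERE rowid = :id');
    $stmt->bindValue(':id', safeId($id), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed data and requests, run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (rowid INTEGER PRIMARY KEY, login TEXT, lastname TEXT, datec TEXT)');
$db->exec("INSERT INTO users (login, lastname, datec) VALUES ('alice', 'A', '2011-01-01'), ('bob_1', 'B', '2011-02-01')");
// Unknown sort column and order fall back to the defaults; "_" is matched literally.
print_r(listUsers($db, ['sortfield' => 'no_such_column', 'sortorder' => 'sideways', 'sall' => '_']));
print_r(getUser($db, '2'));
try { getUser($db, '2 trailing text'); } catch (InvalidArgumentException $e) { echo "rejected\n"; }
```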