Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-1225 - Vulnerability Database
Dolibarr

Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-1225

High
Reference: CVE-2012-1225
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-1225
Title: Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.