Description
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to (a) user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and the (9) rowid parameter to admin/boxes.php.
Exploits (3)
exploitdb, writeup, verified, by High-Tech Bridge SA (text · webapps · php): https://www.exploit-db.com/exploits/36332
exploitdb, writeup, verified, by High-Tech Bridge SA (text · webapps · php): https://www.exploit-db.com/exploits/36331
exploitdb, writeup, verified, by High-Tech Bridge SA (text · webapps · php): https://www.exploit-db.com/exploits/36333
References (15)
Core References (15)
http://www.securityfocus.com/archive/1/520619/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://osvdb.org/77346 (Broken Link, Exploit; vdb-entry; x_refsource_osvdb)
http://osvdb.org/77340 (Broken Link; vdb-entry; x_refsource_osvdb)
https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675 (Exploit, Patch; x_refsource_confirm)
http://osvdb.org/77341 (Broken Link; vdb-entry; x_refsource_osvdb)
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html (Exploit; x_refsource_misc)
https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91 (Exploit, Patch; x_refsource_confirm)
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1 (Exploit, Patch; x_refsource_confirm)
http://osvdb.org/77345 (Broken Link; vdb-entry; x_refsource_osvdb)
https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a (Exploit, Patch; x_refsource_confirm)
http://osvdb.org/77347 (Broken Link, Exploit; vdb-entry; x_refsource_osvdb)
http://osvdb.org/77344 (Broken Link; vdb-entry; x_refsource_osvdb)
http://www.securityfocus.com/bid/50777 (Exploit, Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://osvdb.org/77343 (Broken Link; vdb-entry; x_refsource_osvdb)
http://osvdb.org/77342 (Broken Link; vdb-entry; x_refsource_osvdb)
Scores
EPSS
0.0265
EPSS Percentile
85.8%
Details
CWE
CWE-89
Status
published
Products (11)
dolibarr/dolibarr_erp/crm: 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.0, 2.8.1, 2.9.0, 3.0.0, 3.0.1
... and 1 more
Published
Dec 14, 2011
Tracked Since
Feb 18, 2026