CVE-2011-4802
Dolibarr < 3.1.0 - Authenticated SQL Injection via Multiple Parameters
Exploitation Summary
EIP tracks 3 public exploits for CVE-2011-4802. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary: The provided text describes SQL injection and XSS vulnerabilities in Dolibarr 3.1.0 RC, including a basic example of an SQL injection payload. However, it lacks executable exploit code.
Description
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to (a) user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and the (9) rowid parameter to admin/boxes.php.
Exploits (3)
The provided text describes SQL injection and XSS vulnerabilities in Dolibarr 3.1.0 RC, including a basic example of an SQL injection payload. However, it lacks executable exploit code.
The provided text describes SQL injection and XSS vulnerabilities in Dolibarr 3.1.0 RC, with example URLs demonstrating potential exploitation vectors. It does not contain executable exploit code but outlines attack methods.
The provided text describes SQL injection and XSS vulnerabilities in Dolibarr 3.1.0 RC due to improper input sanitization. It includes a sample URL demonstrating SQL injection via the 'rowid' parameter but lacks executable exploit code.