Description
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Benjamin Kunz Mejri · textwebappsphp
https://www.exploit-db.com/exploits/36683
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47969
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-02/0056.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51956
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/79011
Scores
EPSS
0.0078
EPSS Percentile
73.8%
Details
CWE
CWE-89
Status
published
Products (12)
dolibarr/dolibarr_erp\/crm
2.5.0
dolibarr/dolibarr_erp\/crm
2.6.0
dolibarr/dolibarr_erp\/crm
2.6.1
dolibarr/dolibarr_erp\/crm
2.7.0
dolibarr/dolibarr_erp\/crm
2.7.1
dolibarr/dolibarr_erp\/crm
2.8.0
dolibarr/dolibarr_erp\/crm
2.8.1
dolibarr/dolibarr_erp\/crm
2.9.0
dolibarr/dolibarr_erp\/crm
3.0.0
dolibarr/dolibarr_erp\/crm
3.0.1
... and 2 more
Published
Feb 21, 2012
Tracked Since
Feb 18, 2026