CVE-2012-1225

Dolibarr ERP/CRM < 3.2.0 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Benjamin Kunz Mejri · text · webapps · php
https://www.exploit-db.com/exploits/36683

Scores

EPSS 0.0087
EPSS Percentile 75.0%

Classification

CWE
CWE-89
Status draft

Affected Products (13)

dolibarr/dolibarr_erp\/crm < 3.2.0

Timeline

Published Feb 21, 2012
Tracked Since Feb 18, 2026