CVE-2011-4802
Published Dec 14, 2011
Last updated 2 years ago
Overview
- Description
- Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to (a) user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8435A171-ACA4-4931-B646-E829980EB50B", "versionEndIncluding": "3.1.0" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A142CF43-7F6C-458D-A33A-95122F9FFD1B" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B60D0BC1-9AD6-423B-854E-1220D5ABD816" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5708BC71-BFEE-45C8-AD13-0EB80A3A9061" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D72FE70D-4B44-4E4A-A329-A0C4ADD9BA77" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D7F53EC-2A03-451E-B10D-4C5B948459EB" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E1C8870-EFA2-409E-8117-BFA501D5175C" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CFBFBAA-2FA6-4E79-AD8C-F25C0F32B38A" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:2.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "076C9D6B-D37B-4F85-8742-210B52BC3F1E" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2ADB858-5C11-4ADC-B199-50D44CA9B625" }, { "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5097EB36-40E2-4C73-B5B1-787917BE22F3" } ], "operator": "OR" } ] } ]