HomePentest-Tools.com Logo

Dolibarr < 3.1RC3 Multiple Vulnerabilities - Active Check CVE-2011-4814CVE-2011-4802

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Dolibarr is prone to multiple cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities.

Risk description

The flaws are due to improper validation of user-supplied input - Passed via PATH_INFO to multiple scripts allows attackers to inject arbitrary HTML code. - Passed via the sortfield, sortorder, sall, id and rowid parameters to multiple scripts, which allows attackers to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation will allow attacker to execute arbitrary HTML and script code in a users browser session in the context of a vulnerable site and to cause SQL Injection attack to gain sensitive information.

Recommendation

Update to version 3.1RC3 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 14, 2011
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available