HomePentest-Tools.com Logo

Dolibarr < 8.0.4 Multiple Vulnerabilities CVE-2018-19992CVE-2018-19993CVE-2018-19994CVE-2018-19995CVE-2018-19998

Severity
CVSSv3 Score
8.8
Vulnerability description

Dolibarr is prone to multiple vulnerabilities.

Risk description

Dolibarr is prone to multiple vulnerabilities: - CVE-2018-19992: A stored cross-site scripting (XSS) allows remote authenticated users to inject arbitrary web script or HTML via the address (POST) or town (POST) parameter to adherents/type.php - CVE-2018-19993: A reflected cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php - CVE-2018-19994: An error-based SQL injection in product/card.php allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter - CVE-2018-19995: A stored cross-site scripting (XSS) allows remote authenticated users to inject arbitrary web script or HTML via the address (POST) or town (POST) parameter to user/card.php - CVE-2018-19998: SQL injection in user/card.php allows remote authenticated users to execute arbitrary SQL commands via the employee parameter

Recommendation

Update to version 8.0.4 or later.

References
Not available
Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 3, 2019
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available