Vulnerability Details : CVE-2011-4802
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
Vulnerability category: Sql Injection
Products affected by CVE-2011-4802
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:rc:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4802
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4802
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2011-4802
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4802
-
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html
Multiple vulnerabilities in Dolibarr - HTB23056 Security Advisory | ImmuniWebExploit
-
http://www.securityfocus.com/archive/1/520619/100/0/threaded
SecurityFocusThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/50777
Dolibarr Multiple Cross Site Scripting and SQL Injection VulnerabilitiesExploit;Third Party Advisory;VDB Entry
-
https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675
Fix: Sanitize PHP_SELF · Dolibarr/dolibarr@d08d28c · GitHubExploit;Patch
-
https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a
Security: More security holes fixed · Dolibarr/dolibarr@c539155 · GitHubExploit;Patch
-
https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91
Security: A lot of security fixes · Dolibarr/dolibarr@63820ab · GitHubExploit;Patch
-
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
Fix: [Bug #232] Multiple Cross-Site-Scripting vulnerabilities · Dolibarr/dolibarr@762f98a · GitHubExploit;Patch
Jump to