Main Vulnerability Database Exploits ID:4195 - Exploit for SQL injection in dolibarr - CVE-2011-4802

ID:4195 - Exploit for SQL injection in dolibarr - CVE-2011-4802

Published: August 11, 2020

Vulnerability identifier: #VU44450

Vulnerability risk: Low

CVE-ID: CVE-2011-4802

CWE-ID: CWE-89

Exploitation vector: Remote access

Vulnerable software:
dolibarr

Link to public exploit:

https://www.exploit-db.com/exploits/36333/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Remediation

Install update from vendor's website.

ID:4195 - Exploit for SQL injection in dolibarr - CVE-2011-4802

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human