#VU44450 SQL injection in dolibarr - CVE-2011-4802
Published: December 14, 2011 / Updated: December 14, 2020
dolibarr
Dolibarr ERP & CRM
Description
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
Remediation
External links
- http://osvdb.org/77340
- http://osvdb.org/77341
- http://osvdb.org/77342
- http://osvdb.org/77343
- http://osvdb.org/77344
- http://osvdb.org/77345
- http://osvdb.org/77346
- http://osvdb.org/77347
- http://www.securityfocus.com/archive/1/520619/100/0/threaded
- http://www.securityfocus.com/bid/50777
- https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91
- https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
- https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a
- https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675
- https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html