CVE-2012-1225
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/47969
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dolibarr | dolibarr_erp\/crm | {"endIncluding":"3.2.0"} | |
| dolibarr | dolibarr_erp\/crm | 2.5.0 | |
| dolibarr | dolibarr_erp\/crm | 2.6.0 | |
| dolibarr | dolibarr_erp\/crm | 2.6.1 | |
| dolibarr | dolibarr_erp\/crm | 2.7.0 | |
| dolibarr | dolibarr_erp\/crm | 2.7.1 | |
| dolibarr | dolibarr_erp\/crm | 2.8.0 | |
| dolibarr | dolibarr_erp\/crm | 2.8.1 | |
| dolibarr | dolibarr_erp\/crm | 2.9.0 | |
| dolibarr | dolibarr_erp\/crm | 3.0.0 | |
| dolibarr | dolibarr_erp\/crm | 3.0.1 | |
| dolibarr | dolibarr_erp\/crm | 3.1.0 | |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0056.html
- http://osvdb.org/79011
- http://secunia.com/advisories/47969
- http://www.securityfocus.com/bid/51956
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0056.html
- http://osvdb.org/79011
- http://secunia.com/advisories/47969
- http://www.securityfocus.com/bid/51956
CWEs
CWE-89
Verify integrity in audit chain (admin only). AS-IS.