CVE-2011-4802 - Vulnerability Details

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dolibarr	Dolibarr Erp\/crm

Configuration 1 [-]

OR	cpe:2.3:a:dolibarr:dolibarr_erp\/crm::rc::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.5.0:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.0:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.1:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.0:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.0:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.1:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.9.0:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.0:::::::*
	cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.1:::::::*

No data.

References

Link	Providers
http://osvdb.org/77340
http://osvdb.org/77341
http://osvdb.org/77342
http://osvdb.org/77343
http://osvdb.org/77344
http://osvdb.org/77345
http://osvdb.org/77346
http://osvdb.org/77347
http://www.securityfocus.com/archive/1/520619/100/0/threaded
http://www.securityfocus.com/bid/50777
https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a
https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-12-14T00:00:00

Updated: 2024-08-07T00:16:34.977Z

Reserved: 2011-12-13T00:00:00

Link: CVE-2011-4802

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-12-14T00:55:04.543

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4802

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object