Home > Vulnerability Database > CVE-2011-4802

Mend.io Vulnerability Database

CVE-2011-4802

Good to know:

Date: December 13, 2011

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.

Language: PHP

Severity Score

6.3

Related Resources (17)

Url: https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a

Url: http://www.securityfocus.com/bid/50777

Url: http://www.securityfocus.com/archive/1/520619/100/0/threaded

Url: http://osvdb.org/77345

Url: https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675

Url: http://osvdb.org/77344

Url: http://osvdb.org/77347

Url: http://osvdb.org/77346

Url: https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91

Url: http://osvdb.org/77341

Url: http://osvdb.org/77340

Url: http://osvdb.org/77343

Url: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html

Url: http://osvdb.org/77342

Url: https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-4802

Url: https://www.mend.io/vulnerability-database/CVE-2011-4802

Severity Score

6.3

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version 3.1.0

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-4802

Good to know:

Date: December 13, 2011

Language: PHP

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?