header-logo
Suggest Exploit
vendor:
Dolibarr
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS), SQL Injection
79, 89
CWE
Product Name: Dolibarr
Affected Version From: 3.1.0 RC
Affected Version To: 3.1.0 RC
Patch Exists: NO
Related CWE:
CPE: a:dolibarr:dolibarr:3.1.0
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Multiple vulnerabilities in Dolibarr

Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Ensure that user-supplied input is properly sanitized before using it in dynamically generated content. Implement parameterized queries or prepared statements to prevent SQL injection attacks. Use output encoding techniques to prevent cross-site scripting (XSS) vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50777/info
   
Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
   
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
   
Dolibarr 3.1.0 RC is vulnerable; prior versions may also be affected. 

http://www.example.com/admin/boxes.php?action=delete&rowid=SQL_CODE_HERE

Navigation

Suggest Exploit

Services By CQR