Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-1225
Last Modified: 24 Feb 2012 12:00:00
Published: 21 Feb 2012 08:31:47
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-1225

Summary

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

Vulnerable Systems

Application

  • Dolibarr 2.5.0
  • Dolibarr 2.6.0
  • Dolibarr 2.6.1
  • Dolibarr 2.7.0
  • Dolibarr 2.7.1
  • Dolibarr 2.8.0
  • Dolibarr 2.8.1
  • Dolibarr 2.9.0
  • Dolibarr 3.0.0
  • Dolibarr 3.0.1
  • Dolibarr 3.1.0
  • Dolibarr 3.2.0
  • Dolibarr 3.20


References

BID - 51956

SECUNIA - 47969

OSVDB - 79011

BUGTRAQ - 20120210 Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities


Last Updated: 27 May 2016 10:58:18