An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
References
| Link | Resource |
|---|---|
| https://github.com/Dolibarr/dolibarr/commit/abb1ad6bf0469eccd2b58beb20bdabc18fc36e22 | Patch Third Party Advisory |
| https://github.com/Dolibarr/dolibarr/commit/abb1ad6bf0469eccd2b58beb20bdabc18fc36e22 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 06:13
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Dolibarr/dolibarr/commit/abb1ad6bf0469eccd2b58beb20bdabc18fc36e22 - Patch, Third Party Advisory |
11 Apr 2022, 15:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:13.0.2:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
| References | (MISC) https://github.com/Dolibarr/dolibarr/commit/abb1ad6bf0469eccd2b58beb20bdabc18fc36e22 - Patch, Third Party Advisory | |
| CWE | CWE-89 |
31 Mar 2022, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-31 18:15
Updated : 2024-11-21 06:13
NVD link : CVE-2021-36625
Mitre link : CVE-2021-36625
CVE.ORG link : CVE-2021-36625
JSON object : View
Products Affected
dolibarr
- dolibarr_erp\/crm
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')