CVE-2011-4802

CVSS V2 Medium 6.5 CVSS V3 None
Description
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
Overview
  • CVE ID
  • CVE-2011-4802
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2011-12-14T00:55:04
  • Last Modified Date
  • 2023-02-02T18:08:13
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:rc:*:*:*:*:*:* 1 OR 3.1.0
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://osvdb.org/77341 Exploit
http://osvdb.org/77346 Exploit
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html Exploit
https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a Exploit Patch
https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675 Exploit Patch
http://www.securityfocus.com/bid/50777 Exploit
https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91 Exploit Patch
http://osvdb.org/77343
http://osvdb.org/77347 Exploit
http://osvdb.org/77340 Exploit
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1 Exploit Patch
http://osvdb.org/77342
http://osvdb.org/77344
http://osvdb.org/77345
http://www.securityfocus.com/archive/1/520619/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2011-4802
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4802
History
Created Old Value New Value Data Type Notes
2022-05-10 18:35:34 Added to TrackCVE
2023-02-02 19:03:20 2023-02-02T18:08:13 CVE Modified Date updated
2023-02-02 19:03:20 Undergoing Analysis Analyzed Vulnerability Status updated