Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1225: SQL Injection in ERP CRM

CWE-89: SQL Injection | 5 documents | 5 sources
Severity
7.5 HIGH (NVD)
EPSS
0.8%
top 26.22%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Feb 21
Latest update: May 17

Description

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 2 packages

Ubuntu: dolibarr/dolibarr < 3.5.8+dfsg1-1ubuntu1

🔴Vulnerability Details

3
GHSA
GHSA-m8xg-cxwj-473f: Multiple SQL injection vulnerabilities in Dolibarr CMS 3 | 2022-05-17
OSV
CVE-2012-1225: Multiple SQL injection vulnerabilities in Dolibarr CMS 3 | 2012-02-21
CVEList
CVE-2012-1225: Multiple SQL injection vulnerabilities in Dolibarr CMS 3 | 2012-02-21

💥Exploits & PoCs

1
Exploit-DB
Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection | 2012-02-10
CVE-2012-1225 — SQL Injection in Dolibarr ERP CRM | cvebase