CVE-2017-9839SQL Injection in ERP CRM

CWE-89SQL Injection5 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 55.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dolibarr ERP CRMDolibarr
Timeline
PublishedApr 11
Latest updateMay 14

Description

Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Packagistdolibarr/dolibarr< 5.0.4

🔴Vulnerability Details

4
OSV
Dolibarr SQL injection via type parameter in product/stats/card.php2022-05-14
GHSA
Dolibarr SQL injection via type parameter in product/stats/card.php2022-05-14
OSV
CVE-2017-9839: Dolibarr ERP/CRM is affected by SQL injection in versions before 52018-04-11
CVEList
CVE-2017-9839: Dolibarr ERP/CRM is affected by SQL injection in versions before 52018-04-11
CVE-2017-9839 — SQL Injection in Dolibarr ERP CRM | cvebase