CVE-2022-0224
Published 2022-01-14
CVE-2022-0224: dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Priority: P356, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.99% (78.2th percentile)
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | 0 – 14.0.5 | — |
| dolibarr | dolibarr_dolibarr | >= unspecified < 14.0.6 | 14.0.6 |
| dolibarr | dolibarr_erp_crm | < 15.0.0 | 15.0.0 |
CVSS provenance
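| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_redhat | | 5.5 | MEDIUM | |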
OSV
SQL Injection in dolibarr
osv·2022-01-21
CVE-2022-0224 [HIGH] SQL Injection in dolibarr
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
GHSA
SQL Injection in dolibarr
ghsa·2022-01-21
CVE-2022-0224 [HIGH] CWE-89 SQL Injection in dolibarr
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
OSV
CVE-2022-0224: dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
osv·2022-01-14·CVSS 9.8
CVE-2022-0224 [CRITICAL] CVE-2022-0224: dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Red Hat
vim: NULL pointer dereference in generate_loadvar() in vim9compile.c
vendor_redhat·2022-08-16·CVSS 5.5
CVE-2022-2874 [MEDIUM] CWE-476 vim: NULL pointer dereference in generate_loadvar() in vim9compile.c
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.
Statement: Red Hat Product Security has rated this issue as having a Low security impact because the user has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.
For additional information, refer to the Issue Severity Classification: https://access.red
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-01-14