CVE-2022-0224: SQL Injection in Dolibarr

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.5% (top 33.37%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 14
Latest update: Aug 16

Description

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5: dolibarr/dolibarr_dolibarr, unspecified, 14.0.6
Packagist: dolibarr/dolibarr, 14.0.5

Patches

🔴 Vulnerability Details (4)

OSV: SQL Injection in dolibarr (2022-01-21)
GHSA: SQL Injection in dolibarr (2022-01-21)
OSV: CVE-2022-0224: dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command (2022-01-14)
CVEList: SQL Injection in dolibarr/dolibarr (2022-01-14)

📋 Vendor Advisories (1)

Red Hat: vim: NULL pointer dereference in generate_loadvar() in vim9compile.c (2022-08-16)
CVE-2022-0224 — SQL Injection in Dolibarr Dolibarr | cvebase