CVE-2011-4802 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
dolibarr	dolibarr_erp\/crm	𝑥 ≤ 3.1.0
dolibarr	dolibarr_erp\/crm	2.5.0
dolibarr	dolibarr_erp\/crm	2.6.0
dolibarr	dolibarr_erp\/crm	2.6.1
dolibarr	dolibarr_erp\/crm	2.7.0
dolibarr	dolibarr_erp\/crm	2.7.1
dolibarr	dolibarr_erp\/crm	2.8.0
dolibarr	dolibarr_erp\/crm	2.8.1
dolibarr	dolibarr_erp\/crm	2.9.0
dolibarr	dolibarr_erp\/crm	3.0.0
dolibarr	dolibarr_erp\/crm	3.0.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://osvdb.org/77340

http://osvdb.org/77341

http://osvdb.org/77342

http://osvdb.org/77343

http://osvdb.org/77344

http://osvdb.org/77345

http://osvdb.org/77346

http://osvdb.org/77347

http://www.securityfocus.com/archive/1/520619/100/0/threaded

http://www.securityfocus.com/bid/50777

https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91

https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1

https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a

https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675

https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html

http://osvdb.org/77340

http://osvdb.org/77341

http://osvdb.org/77342

http://osvdb.org/77343

http://osvdb.org/77344

http://osvdb.org/77345

http://osvdb.org/77346

http://osvdb.org/77347

http://www.securityfocus.com/archive/1/520619/100/0/threaded

http://www.securityfocus.com/bid/50777

https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91

https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1

https://github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a

https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675

https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html