EPSS Percentile: 59.4%
Dolibarr is susceptible to SQL injection attacks. An attacker can execute arbitrary SQL queries through the style.css.php and translate.class.php files because the library does not filter the lang and defaultlang attributes, respectively.
github.com/Dolibarr/dolibarr/commit/9c482b9f2a021604e29b7321e2e18eed60d08932
github.com/Dolibarr/dolibarr/commit/d7b142beb77a6b32b41a7a0c035594e414533cef
github.com/Dolibarr/dolibarr/pull/6830
www.foxmole.com/advisories/foxmole-2017-02-23.txt