dolibarr/dolibarr is vulnerable to SQL injection attacks. The vulnerability exists through the sortfield parameter, which affects /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, and /admin/website.php, where it is possible for an arbitrary SQL query to be executed.
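
For triage, web access logs can be checked for requests to the listed pages whose sortfield value is not a plain column list. The script below is an added example, not code from the advisory or from the Dolibarr project; it assumes combined-format access logs and assumes that a legitimate sortfield is a comma-separated list of column names with an optional table alias. The function name, regexes and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory (matched as path suffixes so that
# installs under a sub-directory are covered too).
AFFECTED_PATHS = (
    "/accountancy/admin/accountmodel.php",
    "/accountancy/admin/categories_list.php",
    "/accountancy/admin/journals_list.php",
    "/admin/dict.php",
    "/admin/mails_templates.php",
    "/admin/website.php",
)

# Assumption: a legitimate value looks like "code" or "t.rowid,t.label".
_COL = r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)?"
SAFE_SORTFIELD = re.compile(rf"{_COL}(?:,{_COL})*", re.ASCII)

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_sortfields(log_lines):
    """Return (line_number, path, decoded_value) for each sortfield value
    on an affected page that is not a plain column list."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(AFFECTED_PATHS):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("sortfield", []):
            if not SAFE_SORTFIELD.fullmatch(value):
                hits.append((n, url.path, value))
    return hits

# Constructed sample log lines (documentation IP range, placeholder values).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/dict.php?id=1&sortfield=code&sortorder=ASC HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /dolibarr/admin/dict.php?id=1&sortfield=code%20%28constructed-non-identifier%29 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?sortfield=a%20b HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_sortfields(SAMPLE_LOG):
        print(hit)
```

Only values sent in the query string appear in access logs; a sortfield submitted in a POST body needs request-body logging at a proxy or WAF to be seen.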