Dolibarr ERP and CRM version 3.5.3 suffers from multiple remote SQL injection vulnerabilities.
Vulnerability title: Multiple SQL Injections in Dolibarr ERP & CRM
CVE: CVE-2014-7137
Vendor: Dolibarr ERP & CRM
Product: Dolibarr ERP & CRM
Affected version: 3.5.3
Fixed version: 3.6.1
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database.
The following URL and parameters have been confirmed to suffer from various forms of SQL injections:
http://[IP]/dolibarr/product/stock/fiche.php?action=edit&id=1<SQL Injection>
http://[IP]/dolibarr/product/stock/liste.php?sref=55<SQL Injection>&token=142abe4c1c4b84c3d0c81533c3840cc4&sall=55
http://[IP]/dolibarr/product/stock/[emailΒ protected]&token=142abe4c1c4b84c3d0c81533c3840cc4&sall=55<SQL Injection>
http://[IP]/dolibarr/projet/element.php?ref=PJ1407<SQL Injection>
http://[IP]/dolibarr/projet/tasks/index.php?search_project=5<SQL Injection>bqve&button_search.x=1&button_search.y=1&mode=
http://[IP]/dolibarr/compta/prelevement/demandes.php?search_societe=5<SQL Injection>&search_facture=5&button_search.x=1&button_search.y=1
http://[IP]/dolibarr/comm/mailing/liste.php?sref=5<SQL Injection>&sall=5&x=1&y=1
http://[IP]/dolibarr/comm/mailing/liste.php?sref=5&sall=5<SQL Injection>&x=1&y=1
http://[IP]/dolibarr/compta/sociales/index.php?search_label=5<SQL Injection>&button_search.x=1&button_search.y=1
http://[IP]/dolibarr/compta/paiement/cheque/liste.php?sortfield=bc.number<SQL Injection>&sortorder=asc&begin=&
http://[IP]/dolibarr/compta/paiement/cheque/liste.php?sortfield=bc.number&sortorder=asc<SQL Injection>&begin=&
http://[IP]/dolibarr/compta/prelevement/rejets.php?sortfield=p.ref<SQL Injection>&sortorder=asc&begin=&
http://[IP]/dolibarr/compta/prelevement/rejets.php?sortfield=p.ref&sortorder=asc<SQL Injection>&begin=&
http://[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&begin=&sref=&snom=&sall=&tosell=<SQL Injection>&tobuy=&type=&
http://[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&begin=&sref=&snom=&sall=&tosell=&tobuy=<SQL Injection>&type=&
http://[IP]/dolibarr/product/reassort.php?toolowstock=on&snom=5&sortorder=ASC&sref=5&token=d638ca7f80a7ad68e2cf327a75f954a6&button_search.x=1&button_search.y=1&type=&search_categ=4<SQL Injection>&sortfield=stock_physique
http://[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&begin=&sref=&snom=&sall=&tosell=1<SQL Injection>&tobuy=&type=&
http://[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&begin=&sref=&snom=&sall=&tosell=1&tobuy=<SQL Injection>&type=&
http://[IP]/dolibarr/product/stats/commande_fournisseur.php?sortfield=c.rowid<SQL Injection>&sortorder=asc&begin=&id=2
http://[IP]/dolibarr/product/stats/commande_fournisseur.php?sortfield=c.rowid&sortorder=asc<SQL Injection>&begin=&id=2
http://[IP]/dolibarr/product/stats/contrat.php?sortfield=c.rowid<SQL Injection>&sortorder=asc&begin=&id=2
http://[IP]/dolibarr/product/stats/contrat.php?sortfield=c.rowid'&sortorder=asc<SQL Injection>&begin=&id=2
http://[IP]/dolibarr/product/stats/facture_fournisseur.php?sortfield=s.rowid<SQL Injection>&sortorder=asc&begin=&id=2
http://[IP]/dolibarr/product/stats/facture_fournisseur.php?sortfield=s.rowid&sortorder=asc<SQL Injection>&begin=&id=2
http://[IP]/dolibarr/product/stats/propal.php?sortfield=p.rowid<SQL Injection>&sortorder=asc&begin=&id=2
http://[IP]/dolibarr/product/stats/propal.php?sortfield=p.rowid&sortorder=asc<SQL Injection>&begin=&id=2
http://[IP]/dolibarr/product/stock/fiche.php?id=0<SQL Injection>
http://[IP]/dolibarr/product/stock/info.php?id=0<SQL Injection>
http://[IP]/dolibarr/product/stock/liste.phpsortfield=e.label&sortorder=asc<SQL Injection>&begin=&
http://[IP]/dolibarr/product/stock/liste.php?sortfield=e.label<SQL Injection>&sortorder=asc&begin=&
http://[IP]/dolibarr/product/reassort.php?toolowstock=on&snom=5&sortorder=ASC&sref=5<SQL Injection>&token=d638ca7f80a7ad68e2cf327a75f954a6&button_search.x=1&button_search.y=1&type=&search_categ=4&sortfield=stock_physique
http://[IP]/dolibarr/product/stock/massstockmove.php?productid=1<SQL Injection>&token=9d491e55462571d39390bd136f4f50da&id_tw=-1&action=addline&qty=5&id_sw=-1&addline=%D8%B1%D8%AA%D8%AE%D8%A7&search_productid=5
http://[IP]/dolibarr/product/stock/replenishorders.php?sortfield=cf.ref&sortorder=asc<SQL Injection>&begin=&
http://[IP]/dolibarr/product/stock/replenishorders.php?sortfield=cf.ref<SQL Injection>&sortorder=asc&begin=&
http://[IP]/dolibarr/projet/contact.php?id=1&action=deletecontact&lineid=21<SQL Injection>
http://[IP]/dolibarr/projet/contact.php?id=1&action=swapstatut&ligne=21<SQL Injection>
http://[IP]/dolibarr/projet/tasks/contact.php?id=1&action=swapstatut&ligne=21<SQL Injection>
http://[IP]/dolibarr/compta/recap-compta.php?socid=1<SQL Injection>
http://[IP]/dolibarr/holiday/index.php?mainmenu=holiday&id=1<SQL Injection>
http://[IP]/dolibarr/projet/tasks/contact.php?id=2&source=internal&token=acff06ed1720e3ec66a16918dcee2bfd&action=addcontact&type=181&contactid=2<SQL Injection>&withproject=1
http://[IP]/dolibarr/product/stock/fiche.php?id=1<SQL Injection>
http://[IP]/dolibarr/projet/contact.php?ref=PJ1407-0002<SQL Injection>
http://[IP]/dolibarr/projet/ganttview.php?ref=PJ1407-0002<SQL Injection>
http://[IP]/dolibarr/product/stock/fiche.php?id=1<SQL Injection>
http://[IP]/dolibarr/projet/note.php?ref=PJ1407-0002<SQL Injection>
http://[IP]/dolibarr/projet/tasks/contact.php?project_ref=PJ1407-0002<SQL Injection>&withproject=1
http://[IP]/dolibarr/projet/tasks.php?ref=PJ1407-0002<SQL Injection>&mode=mine
http://[IP]/dolibarr/projet/tasks/note.php?project_ref=PJ1407-0002<SQL Injection>&withproject=1
http://[IP]/dolibarr/contact/info.php?id=2<SQL Injection>&optioncss=print
http://[IP]/dolibarr/societe/commerciaux.php?socid=117260852<SQL Injection>&optioncss=print
http://[IP]/dolibarr/compta/dons/liste.php?statut=2<SQL Injection>
http://[IP]/dolibarr/societe/rib.php?socid=1<SQL Injection>&optioncss=print
http://[IP]/dolibarr/adherents/liste.php?leftmenu=members&statut=1<SQL Injection>&filter=outofdate&idmenu=9431&mainmenu=members
http://[IP]/dolibarr/product/reassort.php?sortfield=p.ref&sortorder=asc&begin=&tosell=43<SQL Injection>&tobuy=&type=0&fourn_id=&snom=&sref=&
http://[IP]/dolibarr/product/reassort.php?sortfield=p.ref&sortorder=asc&begin=&tosell=&tobuy=3<SQL Injection>&type=0&fourn_id=&snom=&sref=&
http://[IP]/dolhttp://[IP]/dolibarr/product/index.php?leftmenu=product&type=0<SQL Injection>&idmenu=2819&mainmenu=products
http://[IP]/dolibarr/product/stats/facture.php?sortfield=s.rowid<SQL Injection>&sortorder=asc&begin=&id=2
http://[IP]/dolibarr/product/stats/facture.php?sortfield=s.rowid&sortorder=asc<SQL Injection>&begin=&id=2
http://[IP]/dolibarr/user/index.php?sortfield=u.login&sortorder=asc&begin=search_user=&sall=&search_statut=<SQL Injection>&
http://[IP]/dolibarr/compta/bank/fiche.php?id=<SQL Injection>
http://[IP]/dolibarr/compta/prelevement/liste.php?search_code=5<SQL Injection>&search_societe=5&search_ligne=5&search_bon=5&button_search.x=1&button_search.y=1
http://[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_societe=5<SQL Injection>&search_ligne=5&search_bon=5&button_search.x=1&button_search.y=1
http://[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_societe=5&search_ligne=5<SQL Injection>&search_bon=5&button_search.x=1&button_search.y=1
http://[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_societe=5&search_ligne=5&search_bon=5<SQL Injection>&button_search.x=1&button_search.y=1
http://[IP]/dolibarr/compta/prelevement/bons.php?sortfield=p.ref&sortorder=asc<SQL Injection>&begin=&
http://[IP]/dolibarr/compta/prelevement/bons.php?sortfield=p.ref<SQL Injection>&sortorder=asc&begin=&
http://[IP]/dolibarr/product/stats/commande.php?sortfield=c.rowid&sortorder=asc<SQL Injection>&begin=&id=2
http://[IP]/dolibarr/product/stats/commande.php?sortfield=c.rowid<SQL Injection>&sortorder=asc&begin=&id=2
# 0day.today [2018-01-05] #