Description
Multiple vulnerabilities have been discovered in Dolibarr ERP/CRM, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system.
1) Input passed via the "rowid" parameter to adherents/fiche.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability requires the "Members" module within the "Human Resource Management" section to be enabled (disabled by default) and "Read members" permissions.
2) Input passed via the "sql_compat" parameter to admin/tools/export.php is not properly sanitised before being used in a "popen()" call. This can be exploited to inject and execute arbitrary shell commands.
Successful exploitation of this vulnerability requires administrator privileges.
The vulnerabilities are confirmed in version 3.1.1. Other versions may also be affected.
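Both findings are instances of the same defect: a request parameter reaches an interpreter (first SQL, then the shell) without validation. The PHP below is added here as an illustration and is not Dolibarr's code; the table name `members`, the PDO connection, the dump command and the list of accepted compatibility modes are assumptions for the example. Each weak pattern is shown beside the hardened form a reviewer would expect.

```php
<?php
// Illustrative example, not taken from Dolibarr. Names are hypothetical.

// ---------- 1) Integer id from the query string used in SQL ----------

// Weak: the raw request value is concatenated into the statement, so any
// non-numeric content becomes part of the SQL text.
function fetchMemberWeak(PDO $db, array $request): ?array
{
    $sql = "SELECT rowid, lastname FROM members WHERE rowid = " . $request['rowid'];
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: validate the value as a positive integer first, then bind it as
// a typed parameter so the statement text never contains user data.
function fetchMemberSafe(PDO $db, array $request): ?array
{
    $rowid = filter_var(
        $request['rowid'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($rowid === false) {
        return null; // reject instead of guessing what the caller meant
    }
    $stmt = $db->prepare("SELECT rowid, lastname FROM members WHERE rowid = :rowid");
    $stmt->bindValue(':rowid', $rowid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// ---------- 2) Option value from the query string used in a shell command ----------

// Weak: the value is spliced into the command line handed to popen(), so
// shell metacharacters in it are interpreted by the shell.
function exportWeak(array $request): string
{
    $cmd = "mysqldump --compatible=" . $request['sql_compat'] . " appdb";
    $fh = popen($cmd, 'r');
    $out = stream_get_contents($fh);
    pclose($fh);
    return $out;
}

// Hardened: accept only a fixed set of known option values (assumed list),
// and still quote the argument so the shell cannot reinterpret it.
const ALLOWED_COMPAT = ['ansi', 'mysql323', 'mysql40', 'postgresql', 'oracle', 'mssql'];

function exportSafe(array $request): string
{
    $mode = strtolower((string) ($request['sql_compat'] ?? ''));
    if (!in_array($mode, ALLOWED_COMPAT, true)) {
        throw new InvalidArgumentException('unsupported sql_compat value');
    }
    $cmd = 'mysqldump --compatible=' . escapeshellarg($mode) . ' appdb';
    $fh = popen($cmd, 'r');
    $out = stream_get_contents($fh);
    pclose($fh);
    return $out;
}
```

The allow-list is the important control in the second case: `escapeshellarg()` alone neutralises shell metacharacters, but it does not stop a caller from passing an option value the program was never meant to accept, so validating against the set of values the application actually supports is what keeps the command's behaviour fixed.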