GHSA-57wj-22w9-wm9r

Source

https://github.com/advisories/GHSA-57wj-22w9-wm9r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-57wj-22w9-wm9r/GHSA-57wj-22w9-wm9r.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-57wj-22w9-wm9r

Aliases

CVE-2018-10094

Published

2022-05-14T03:15:06Z

Modified

2024-04-24T21:11:51.989748Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Dolibarr SQL injection vulnerability

Details

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.

Database specific

{
    "nvd_published_at": "2018-05-22T20:29:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T20:44:36Z"
}

References

Affected packages

Packagist / dolibarr/dolibarr

Package

Name: dolibarr/dolibarr
Purl: pkg:composer/dolibarr/dolibarr

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.2

Affected versions

3.*

3.6.0-beta

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0-beta

3.8.0

3.8.1

3.8.2

3.8.3

3.8.4

3.9.0-rc

3.9.0-rc2

3.9.0

3.9.1

3.9.2

3.9.3

3.9.4

4.*

4.0.0-beta

4.0.0-rc

4.0.0-rc2

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

5.*

5.0.0-beta

5.0.0-rc1

5.0.0-rc2

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

6.*

6.0.0-beta

6.0.0-rc

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

7.*

7.0.0

7.0.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-57wj-22w9-wm9r/GHSA-57wj-22w9-wm9r.json"