CyberSec.Space Logo
Back to CVE Browser

CVE-2017-17897

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile38.99th
PublishedDec 27, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr Erp\/crm

= 6.0.4

References & Advisories

🔗 https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
🔗 https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c

Related Vulnerabilities

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2019-257108.2

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows a...

CVE-2021-336186.1

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of...