CVE-2017-17899

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0150%

EPSS Percentile2.99th

PublishedDec 27, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.

Affected Platforms (CPE)

📦

Dolibarr

Dolibarr Erp\/crm

= 6.0.4

References & Advisories

🔗 https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c

Related Vulnerabilities

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2019-257108.2

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows a...

CVE-2021-336186.1

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of...