CVE-2017-14238

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1820%

EPSS Percentile41.44th

PublishedSep 11, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.

Affected Platforms (CPE)

📦

Dolibarr

= 6.0.0

References & Advisories

🔗 https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548

Related Vulnerabilities

CVE-2017-178979.8

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary S...

CVE-2017-142429.8

SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands vi...

CVE-2017-94359.8

Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).

CVE-2017-178999.8

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execut...