CVE-2017-14242

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0320%

EPSS Percentile25.91th

PublishedSep 11, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.

Affected Platforms (CPE)

📦

Dolibarr

= 6.0.0

References & Advisories

🔗 https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb

Related Vulnerabilities

CVE-2017-94359.8

Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).

CVE-2017-178979.8

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary S...

CVE-2017-142389.8

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary...

CVE-2017-178999.8

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execut...