CyberSec.Space Logo
Back to CVE Browser

CVE-2017-9435

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0670%
EPSS Percentile9.17th
PublishedJun 5, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).

Affected Platforms (CPE)

πŸ“¦
Dolibarr

Dolibarr

<= 5.0.2

References & Advisories

πŸ”— https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog
πŸ”— https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
πŸ”— https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog
πŸ”— https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04

Related Vulnerabilities

CVE-2017-142429.8

SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands vi...

CVE-2017-178979.8

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary S...

CVE-2017-142389.8

SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary...

CVE-2017-178999.8

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execut...