CVE-2012-1225
Last modified
CVE-2012-1225 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.. EPSS estimates a 2.58% chance of exploitation in the next 30 days.
Description
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Dolibarr | Dolibarr Erp\/Crm | <= 3.2.0 | Alpha |
| Dolibarr | Dolibarr Erp\/Crm | 2.5.0 | — |
| Dolibarr | Dolibarr Erp\/Crm | 2.6.0 | — |
| Dolibarr | Dolibarr Erp\/Crm | 2.6.1 | — |
| Dolibarr | Dolibarr Erp\/Crm | 2.7.0 | — |
| Dolibarr | Dolibarr Erp\/Crm | 2.7.1 | — |
| Dolibarr | Dolibarr Erp\/Crm | 2.8.0 | — |
| Dolibarr | Dolibarr Erp\/Crm | 2.8.1 | — |
| Dolibarr | Dolibarr Erp\/Crm | 2.9.0 | — |
| Dolibarr | Dolibarr Erp\/Crm | 3.0.0 | — |
| Dolibarr | Dolibarr Erp\/Crm | 3.0.1 | — |
| Dolibarr | Dolibarr Erp\/Crm | 3.1.0 | — |
References
- http://secunia.com/advisories/47969Vendor Advisory
- http://secunia.com/advisories/47969Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-1225?
How severe is CVE-2012-1225?
How do I fix CVE-2012-1225?
Are you affected by CVE-2012-1225?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST