CVE-2013-2091

Опубликовано: 20 нояб. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.

Ссылки

http://www.openwall.com/lists/oss-security/2013/05/14/3
Mailing List
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84248
Third Party Advisory
VDB Entry
https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836df489
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2013-2091
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/05/14/3
Mailing List
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84248
Third Party Advisory
VDB Entry
https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836df489
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2013-2091
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00737

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2013-2091

CVSS3: 9.8

ubuntu

около 6 лет назад

SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.

CVE-2013-2091

CVSS3: 9.8

debian

около 6 лет назад

SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote at ...

GHSA-6gvv-p465-qpxh

CVSS3: 9.8

github

почти 4 года назад

SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.

EPSS

Процентиль: 72%

0.00737

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89